Computer Security
[EN] securityvulns.ru no-pyccku


libmobiledevices symbolic links vulnerability
Published:09.10.2013
Source:
SecurityVulns ID:13355
Type:library
Threat Level:
5/10
Description:Symbolic links vulnerability on emporary files creation.
Affected:LIBMOBILEDEVICE : libimobiledevice 1.1
CVE:CVE-2013-2142 (userpref.c in libimobiledevice 1.1.4, when $HOME and $XDG_CONFIG_HOME are not set, allows local users to overwrite arbitrary files via a symlink attack on (1) HostCertificate.pem, (2) HostPrivateKey.pem, (3) libimobiledevicerc, (4) RootCertificate.pem, or (5) RootPrivateKey.pem in /tmp/root/.config/libimobiledevice/.)
Original documentdocumentUBUNTU, [USN-1927-1] libimobiledevice vulnerability (09.10.2013)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod