Showing 1 - 1 of 1

CVE-2013-2142

Status Candidate

Overview

userpref.c in libimobiledevice 1.1.4, when $HOME and $XDG_CONFIG_HOME are not set, allows local users to overwrite arbitrary files via a symlink attack on (1) HostCertificate.pem, (2) HostPrivateKey.pem, (3) libimobiledevicerc, (4) RootCertificate.pem, or (5) RootPrivateKey.pem in /tmp/root/.config/libimobiledevice/.

Related Files

Ubuntu Security Notice USN-1927-1: Posted Aug 14, 2013; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 1927-1 - Paul Collins discovered that libimobiledevice incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files and access device keys. In the default Ubuntu installation, this issue should be mitigated by the Yama link restrictions.; tags | advisory, arbitrary, local; systems | linux, ubuntu; advisories | CVE-2013-2142; SHA-256 | f119bb9310e69655e310ff5fd8b5ab4e4715f2598b8ece8795beafcd0f842e7f; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 389 files
Ubuntu 92 files
Debian 30 files
BugsBD Limited 21 files
Rahad Chowdhury 21 files
Gentoo 18 files
tmrswrr 12 files
Google Security Research 5 files
Ph0s 5 files
R0ckE7 5 files

File Archives

Systems

AIX (429)
Apple (2,037)
BSD (375)
CentOS (57)
Cisco (1,926)
Debian (6,914)
Fedora (1,692)
FreeBSD (1,246)
Gentoo (4,379)
HPUX (880)
iOS (363)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (47,850)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (486)
RedHat (14,624)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,137)
UNIX (9,340)
UnixWare (187)
Windows (6,606)
Other

CVE-2013-2142

Overview

Related Files

File Archive:

December 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems