CVE-2013-0164

CWE-264 CWE-3775 documents5 sources

Severity

3.6LOW

EPSS

0.1%

top 82.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Openshift Redhat Openshift Origin

Timeline

PublishedFeb 24

Latest updateMay 5

Description

The lockwrap function in port-proxy/bin/openshift-port-proxy-cfg in Red Hat OpenShift Origin before 1.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.

CVSS vector

AV:L/AC:L/C:N/I:P/A:PExploitability: 3.9 | Impact: 4.9

Affected Packages2 packages

▶NVDredhat/openshift_origin1.0.5

▶NVDredhat/openshift1.0

🔴Vulnerability Details

GHSA

GHSA-pf6c-h3c9-qfmc: The lockwrap function in port-proxy/bin/openshift-port-proxy-cfg in Red Hat OpenShift Origin before 1↗2022-05-05

▶

CVEList

CVE-2013-0164: The lockwrap function in port-proxy/bin/openshift-port-proxy-cfg in Red Hat OpenShift Origin before 1↗2013-02-24

▶

📋Vendor Advisories

Red Hat

openshift-origin-port-proxy: openshift-port-proxy-cfg lockwrap() tmp file creation↗2013-01-31

▶

💬Community

Bugzilla

CVE-2013-0164 openshift-origin-port-proxy: openshift-port-proxy-cfg lockwrap() tmp file creation↗2013-01-09

▶