CVE-2013-4157 — Link Following in Redhat Storage Server

CWE-59 — Link Following CWE-377 — Insecure Temporary File5 documents5 sources

Severity

3.6LOWNVD

EPSS

0.0%

top 90.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Storage Server

Timeline

PublishedOct 4

Latest updateMay 17

Description

Red Hat Storage 2.0 allows local users to overwrite arbitrary files via a symlink attack on the (1) e, (2) local-bricks.list, (3) bricks.err, or (4) limits.conf files in /tmp.

CVSS vector

AV:L/AC:L/C:N/I:P/A:PExploitability: 3.9 | Impact: 4.9

Affected Packages1 packages

▶NVDredhat/storage_server2.0

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-m923-rj4w-wvh7: Red Hat Storage 2↗2022-05-17

▶

CVEList

CVE-2013-4157: Red Hat Storage 2↗2013-10-04

▶

📋Vendor Advisories

Red Hat

2.0: appliance-base / redhat-storage-server /tmp file creation vuln↗2013-09-04

▶

💬Community

Bugzilla

CVE-2013-4157 Red Hat Storage Server 2.0: appliance-base / redhat-storage-server /tmp file creation vuln↗2013-07-20

▶