CVE-2013-0164 - OpenCVE

The lockwrap function in port-proxy/bin/openshift-port-proxy-cfg in Red Hat OpenShift Origin before 1.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:N/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat	Openshift Openshift Origin

Configuration 1 [-]

OR	cpe:2.3:a:redhat:openshift::-:enterprise:::::
	cpe:2.3:a:redhat:openshift_origin:1.0.5:::::::*

Package	CPE	Advisory	Released Date
RHEL 6 Version of OpenShift Enterprise
jenkins-0:1.498-1.1.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0220	2013-01-31T00:00:00Z
mongodb-0:2.0.2-6.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0220	2013-01-31T00:00:00Z
openshift-console-0:0.0.13-2.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0220	2013-01-31T00:00:00Z
openshift-origin-broker-0:1.0.10-1.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0220	2013-01-31T00:00:00Z
openshift-origin-broker-util-0:1.0.14-1.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0220	2013-01-31T00:00:00Z
openshift-origin-cartridge-haproxy-1.4-0:1.0.3-1.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0220	2013-01-31T00:00:00Z
openshift-origin-cartridge-ruby-1.8-0:1.0.5-1.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0220	2013-01-31T00:00:00Z
openshift-origin-cartridge-ruby-1.9-scl-0:1.0.5-1.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0220	2013-01-31T00:00:00Z
openshift-origin-msg-node-mcollective-0:1.0.2-1.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0220	2013-01-31T00:00:00Z
openshift-origin-node-util-0:1.0.7-1.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0220	2013-01-31T00:00:00Z
openshift-origin-port-proxy-0:1.0.3-1.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0220	2013-01-31T00:00:00Z
rhc-0:1.3.2-1.3.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0220	2013-01-31T00:00:00Z
ruby193-rubygem-activerecord-1:3.2.8-2.el6	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0220	2013-01-31T00:00:00Z
ruby193-rubygem-passenger-0:3.0.12-21.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0220	2013-01-31T00:00:00Z
rubygem-activerecord-1:3.0.13-3.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0220	2013-01-31T00:00:00Z
rubygem-openshift-origin-auth-remote-user-0:1.0.4-2.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0220	2013-01-31T00:00:00Z
rubygem-openshift-origin-common-0:1.0.2-1.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0220	2013-01-31T00:00:00Z
rubygem-openshift-origin-console-0:1.0.6-1.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0220	2013-01-31T00:00:00Z
rubygem-openshift-origin-controller-0:1.0.11-1.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0220	2013-01-31T00:00:00Z
rubygem-openshift-origin-dns-bind-0:1.0.2-1.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0220	2013-01-31T00:00:00Z
rubygem-openshift-origin-msg-broker-mcollective-0:1.0.4-1.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0220	2013-01-31T00:00:00Z
rubygem-openshift-origin-node-0:1.0.10-6.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0220	2013-01-31T00:00:00Z

References

Link	Providers
http://rhn.redhat.com/errata/RHSA-2013-0220.html
https://bugzilla.redhat.com/show_bug.cgi?id=893307
https://github.com/openshift/origin-server/commit/524465f70a32d0eb6bf047e6a05c76c22d52bfa2
https://github.com/openshift/origin-server/pull/1136
https://nvd.nist.gov/vuln/detail/CVE-2013-0164
https://www.cve.org/CVERecord?id=CVE-2013-0164

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2013-02-24T22:00:00Z

Updated: 2024-08-06T14:18:09.219Z

Reserved: 2012-12-06T00:00:00Z

Link: CVE-2013-0164

Vulnrichment

No data.

NVD

Status : Modified

Published: 2013-02-24T22:55:01.300

Modified: 2023-02-13T04:38:07.667

Link: CVE-2013-0164

Redhat

Severity : Low

Publid Date: 2013-01-31T00:00:00Z

Links: CVE-2013-0164 - Bugzilla

Metrics

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object