Path traversal in Fedoraproject Fedora
| Risk | Medium |
| Patch available | NO |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2010-0746 |
| CWE-ID | CWE-22 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Fedora Operating systems & Components / Operating system |
| Vendor | Fedoraproject |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Path traversal
EUVDB-ID: #VU42167
Risk: Medium
CVSSv4.0: 4.8 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2010-0746
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences in DeviceKit-disks in DeviceKit, as used in Fedora 11 and 12 and possibly other operating systems,. A remote authenticated attacker can send a specially crafted HTTP request and local users to gain privileges via . (dot dot) sequences in the label for a pluggable storage device.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsFedora: 11 - 12
CPE2.3 External linkshttps://seclists.org/oss-sec/2010/q2/5
https://stealth.openwall.net/xSports/devshit.pl
https://xorl.wordpress.com/2010/04/06/cve-2010-0746-devicekit-local-privilege-escalation/
https://bugs.freedesktop.org/show_bug.cgi?id=23235
https://bugzilla.redhat.com/show_bug.cgi?id=523178
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
