#VU39199 Data Handling in Fedora - CVE-2015-1839


Updated: 2020-08-08

Vulnerability identifier: #VU39199

Vulnerability risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2015-1839

CWE-ID: CWE-19

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Fedora
Operating systems & Components / Operating system

Vendor: Fedoraproject

Description

The vulnerability allows a local authenticated user to read and manipulate data.

modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Fedora: 23


External links
https://lists.fedoraproject.org/pipermail/package-announce/2016-January/175568.html
https://bugzilla.redhat.com/show_bug.cgi?id=1212788
https://docs.saltstack.com/en/latest/topics/releases/2014.7.4.html
https://github.com/saltstack/salt/commit/22d2f7a1ec93300c34e8c42d14ec39d51e610b5c
https://github.com/saltstack/salt/commit/b49d0d4b5ca5c6f31f03e2caf97cef1088eeed81


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

