Lucene search
HistoryNov 23, 2013 - 11:55 a.m.
CVE-2013-4481
cve-2013-4481
luci
race condition
permissions
local users
sensitive information
nvd
1.9 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
5.6 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
Race condition in Luci 0.26.0 creates /var/lib/luci/etc/luci.ini with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive information such as “authentication secrets.”
Affected configurations
Node
scientificlinuxluciMatch0.26.0
ORredhatenterprise_linuxMatch6.0
| CPE | Name | Operator | Version |
|---|---|---|---|
| scientificlinux:luci | scientificlinux luci | eq | 0.26.0 |
| redhat:enterprise_linux | redhat enterprise linux | eq | 6.0 |
Related
veracode
veracode
Information Disclosure
2019-01-15 08:51:38
Elevation Of Privileges By An Untrusted Search Path Vulnerability
2019-05-02 04:58:57
prion
prion
Race condition
2013-11-23 11:55:00
cvelist
cvelist
CVE-2013-4481
2013-11-23 11:00:00
nvd
nvd
CVE-2013-4481
2013-11-23 11:55:04
redhat
redhat
(RHSA-2013:1603) Moderate: luci security, bug fix, and enhancement update
2013-11-21 00:00:00
nessus
nessus
RHEL 6 : luci (RHSA-2013:1603)
2013-11-21 00:00:00
Scientific Linux Security Update : luci on SL6.x i386/x86_64 (20131121)
2013-12-04 00:00:00
CentOS 6 : luci (CESA-2013:1603)
2014-11-12 00:00:00
centos
centos
luci security update
2013-11-26 13:32:13
1.9 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
5.6 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
Related for CVE-2013-4481