Back to search
CVE-2014-2905
Published: May 2, 2014
Modified: Aug 6, 2024
PUBLISHED
Description
fish (aka fish-shell) 1.16.0 before 2.1.1 does not properly check the credentials, which allows local users to gain privileges via the universal variable socket, related to /tmp/fishd.socket.user permissions.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
[oss-security] 20140428 Upcoming security release of fish 2.1.1
mailing-list
x_refsource_MLIST
https://github.com/fish-shell/fish-shell/issues/1436
x_refsource_CONFIRM
openSUSE-SU-2019:2177
vendor-advisory
x_refsource_SUSE
openSUSE-SU-2019:2188
vendor-advisory
x_refsource_SUSE
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now