CVE-2013-2142

userpref.c in libimobiledevice 1.1.4, when $HOME and $XDG_CONFIG_HOME are not set, allows local users to overwrite arbitrary files via a symlink attack on (1) HostCertificate.pem, (2) HostPrivateKey.pem, (3) libimobiledevicerc, (4) RootCertificate.pem, or (5) RootPrivateKey.pem in /tmp/root/.config/libimobiledevice/.
Link Following
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.3 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:N/I:P/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 5%
VendorProductVersion
libimobiledevicelibimobiledevice
1.1.4
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libimobiledevice
bookworm
1.3.0-6
fixed
bullseye
1.3.0-6
fixed
squeeze
not-affected
wheezy
not-affected
sid
1.3.0+git20240701-2
fixed
trixie
1.3.0+git20240701-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libimobiledevice
raring
Fixed 1.1.4-1ubuntu6.2
released
quantal
Fixed 1.1.4-1ubuntu3.2
released
precise
not-affected
lucid
ignored
Common Weakness Enumeration
References
http://libiphone.lighthouseapp.com/projects/27916-libiphone/tickets/331-insecure-tmp-directory-use
http://www.openwall.com/lists/oss-security/2013/06/04/11
http://www.ubuntu.com/usn/USN-1927-1
https://bugs.launchpad.net/ubuntu/%2Bsource/libimobiledevice/%2Bbug/1164263
http://libiphone.lighthouseapp.com/projects/27916-libiphone/tickets/331-insecure-tmp-directory-use
http://www.openwall.com/lists/oss-security/2013/06/04/11
http://www.ubuntu.com/usn/USN-1927-1
https://bugs.launchpad.net/ubuntu/%2Bsource/libimobiledevice/%2Bbug/1164263