Security Advisory

CVE-2014-2905

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2014-05-02 14:00:00

Last updated 2024-08-06 10:28:46

Assigner mitre

State PUBLISHED

Description

fish (aka fish-shell) 1.16.0 before 2.1.1 does not properly check the credentials, which allows local users to gain privileges via the universal variable socket, related to /tmp/fishd.socket.user permissions.

← Browse all CVEs View on cve.org ↗