Symlink Attack in libimobiledevice Affects Various File Configurations
CVE-2013-2142

Currently unrated

Key Information:

Vendor

Libimobiledevice

Status
Libimobiledevice
Vendor
CVE Published:
19 January 2014

What is CVE-2013-2142?

A vulnerability in libimobiledevice version 1.1.4 allows local users to perform a symlink attack, potentially overwriting critical configuration files such as HostCertificate.pem and HostPrivateKey.pem. This occurs when the $HOME and $XDG_CONFIG_HOME environment variables are not set, enabling unauthorized access to affect files stored in /tmp/root/.config/libimobiledevice/. Malicious actors can exploit this flaw to manipulate or compromise secure communications.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.openwall.com/lists/oss-security/2013/06/04/11
mailing-listx_refsource_MLIST
https://bugs.launchpad.net/ubuntu/%2Bsource/libimobiledev...
x_refsource_CONFIRM
http://libiphone.lighthouseapp.com/projects/27916-libipho...
x_refsource_CONFIRM

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.