Improper Temporary File Use in Kamailio by Kamailio Technologies
CVE-2015-1590

7.8HIGH

Key Information:

Vendor

Kamailio

Status
Kamailio
Vendor
CVE Published:
7 September 2017

What is CVE-2015-1590?

The kamcmd administrative utility in Kamailio prior to version 4.3.0 improperly utilizes the /tmp/kamailio_ctl file, creating a potential security risk that can be exploited if the file is manipulated by unauthorized users. This improper management of temporary files can lead to various vulnerabilities, including privilege escalation and unauthorized access within the system. To mitigate this risk, it is recommended that users upgrade to the latest version and ensure secure configuration practices are followed.

References

http://www.openwall.com/lists/oss-security/2015/02/12/7
mailing-listx_refsource_MLIST
https://github.com/kamailio/kamailio/issues/48
x_refsource_CONFIRM
https://github.com/kamailio/kamailio/blob/4.3.0/ChangeLog...
x_refsource_CONFIRM

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.