Release date:
Updated on:
Affected Systems:
Fish-shell 1.16.0-2.1.0
Description:
--------------------------------------------------------------------------------
Bugtraq id: 67097
CVE (CAN) ID: CVE-2014-2905
Fish is a Unix shell. Provides user-friendly and powerful command line completion, including descriptions of each completion item, tab completion of strings containing wildcards, and completion of many specific commands.
The local permission escalation vulnerability exists in the implementation of/tmp/fishd. socket. user in Fish-shell 1.16.0-2.1.0. A local attacker can exploit this vulnerability to obtain the elevation permission.
<* Source: David Adam
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Fish-shell
----------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://fishshell.com/