
CVE-2011-2185: Fabric vulnerable to symlink attack on tmp files

CVSS Score: 4.4

Basic Information

EPSS Score: 0.07585%
Published: 5/17/2022
Updated: 1/19/2024
KEV Status: No
Technology: Python

Technical Details

CVSS Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Package Name: fabric
Ecosystem: pip
Vulnerable Versions: < 1.1.0
First Patched Version: 1.1.0

Vulnerability Intelligence

Root Cause Analysis

The vulnerability stems from insecure temporary file handling in the upload_project function. The pre-patch code used timestamp-based filenames in /tmp (e.g., '/tmp/fab.%s.tar') which are predictable. Attackers could exploit this by creating symlinks at these paths. The commit 3445b56 fixed this by introducing mkdtemp for secure temporary directory creation, confirming the vulnerability resided in this function. The CVE description explicitly references '/tmp/fab.*.tar' files, which are directly tied to this function's pre-patch behavior.
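As an added illustration (not Fabric's code and not part of this advisory), the predictable timestamp-based naming described above is shown beside the mkdtemp()-based pattern the fix moved to, together with the ownership and exclusive-open checks a defender would want before writing into it; the tarball name "project.tar" and the helper names are assumptions.

```python
# Added example, not Fabric's own code: the predictable naming the
# advisory describes beside the mkdtemp()-based pattern the fix uses.
import os
import stat
import tempfile
import time

def predictable_tar_path(now=None):
    """Pre-patch style: '/tmp/fab.%s.tar' keyed on the clock. The path is
    knowable before the file exists, so whatever is already there is used."""
    ts = int(now if now is not None else time.time())
    return "/tmp/fab.%s.tar" % ts

def secure_tar_path(prefix="fab."):
    """Patched style: a fresh directory from mkdtemp() (random name, mode
    0700, created atomically) and the tarball path inside it."""
    tmpdir = tempfile.mkdtemp(prefix=prefix)
    return tmpdir, os.path.join(tmpdir, "project.tar")

def is_private_dir(path):
    """Check before writing: a real directory (not a symlink), owned by the
    current user, accessible only by that user."""
    st = os.lstat(path)
    return (stat.S_ISDIR(st.st_mode)
            and st.st_uid == os.getuid()
            and stat.S_IMODE(st.st_mode) == 0o700)

def open_exclusive(path):
    """Create the file only if nothing is there; never follow a symlink."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    return os.open(path, flags, 0o600)

def refuses_existing(path):
    """True when an exclusive open of an already-present path is rejected."""
    try:
        os.close(open_exclusive(path))
    except FileExistsError:
        return True
    return False

def write_tarball_safely(data):
    """Hardened upload flow: private directory, verified, exclusive open."""
    tmpdir, tar_path = secure_tar_path()
    if not is_private_dir(tmpdir):
        raise RuntimeError("temporary directory is not private: %s" % tmpdir)
    with os.fdopen(open_exclusive(tar_path), "wb") as f:
        f.write(data)
    return tar_path
```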


WAF Protection Rules

WAF Rule

Fabric before 1.1.0 allows local users to overwrite arbitrary files via a symlink attack on (1) a `/tmp/fab.*.tar` file or (2) certain other files in the top level of `/tmp/`.
