Red Hat Bugzilla – Bug 710462
CVE-2011-2185 fabric: Use of insecure temporary file by uploading templates and projects to remote hosts
Last modified: 2014-11-20 15:01:40 EST
It was found that fabric, a simple Pythonic remote deployment tool,
used insecure way for creation of temporary files, when uploading
template text files and project files to a remote system. A local attacker
could use this flaw to conduct symlink attacks to upload sensitive
information to remote host or to overwrite certain local system files.
This issue affects the versions of the fabric package, as shipped with
Fedora release of 13, 14, and 15. Please schedule an update, once final
upstream patch known.
Created fabric tracking bugs for this issue
Affects: fedora-all [bug 710465]
The CVE identifier of CVE-2011-2185 has been assigned to this issue: