CVE-2014-2905
fish (aka fish-shell) 1.16.0 before 2.1.1 does not properly check the credentials, which allows local users to gain privileges via the universal variable socket, related to /tmp/fishd.socket.user permissions.
Ver en NVDSeveridad
N/A
EPSS
Probabilidad de explotación (próx. 30 días): 0.0004 (0.0%)
Percentil: 10.4%
EPSS: 2026-05-06
Afecta
fishshell:fishDescripción técnica
fish (aka fish-shell) 1.16.0 before 2.1.1 does not properly check the credentials, which allows local users to gain privileges via the universal variable socket, related to /tmp/fishd.socket.user permissions.
Publicada: 2/5/2014, 14:55:07
Última modificación: 6/5/2026, 22:30:45
Referencias
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00059.html
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00071.html
- http://www.openwall.com/lists/oss-security/2014/04/28/4
- https://github.com/fish-shell/fish-shell/issues/1436
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00059.html
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00071.html
- http://www.openwall.com/lists/oss-security/2014/04/28/4
- https://github.com/fish-shell/fish-shell/issues/1436