Fedora EPEL 6 update for iodine
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2014-4168 |
| CWE-ID | CWE-287 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Fedora Operating systems & Components / Operating system iodine Operating systems & Components / Operating system package or component |
| Vendor | Fedoraproject |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Improper Authentication
EUVDB-ID: #VU41500
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2014-4168
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
(1) iodined.c and (2) user.c in iodine before 0.7.0 allows remote attackers to bypass authentication by continuing execution after an error has been triggering.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsFedora: 6.0
iodine: before 0.7.0-1.el6
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2014-2159
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
