CVE-2014-2524

Published: 14 Mar 2014
Source: redhat
CVSS2: 2.1
EPSS: Low

Description

The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file.

Report

This issue is only exposed via readline's debugging/tracing code and is not used by readline or any other application in Red Hat Enterprise Linux. The tracing functions are defined in a private header file and are only meant for the readline library's internal use. In general use, there is no exposure of this insecure temporary file issue, and while this does affect the versions of readline as shipped with Red Hat Enterprise Linux 5, 6 and 7 it is not currently planned to be addressed in future updates. Red Hat Product Security has rated this issue as having Low security impact. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 5 | compat-readline43 | Not affected | | |
| Red Hat Enterprise Linux 5 | readline | Not affected | | |
| Red Hat Enterprise Linux 6 | compat-readline5 | Not affected | | |
| Red Hat Enterprise Linux 6 | mingw32-readline | Not affected | | |
| Red Hat Enterprise Linux 6 | readline | Will not fix | | |
| Red Hat Enterprise Linux 7 | readline | Not affected | | |

Additional information

Status: Low
Defect: CWE-377

readline: insecure temporary file use in _rl_tropen()
https://bugzilla.redhat.com/show_bug.cgi?id=1077023

EPSS: 0.00157 (percentile: 37%), Low
CVSS2: 2.1 Low

Related vulnerabilities

ubuntu
more than 11 years ago

The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file.

nvd
more than 11 years ago

The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file.

debian
more than 11 years ago

The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 a ...

github
more than 3 years ago

The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file.
