Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2014-1876

Опубликовано: 10 фев. 2014
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 4.4

Описание

The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 does not securely create temporary files when a log file cannot be opened, which allows local users to overwrite arbitrary files via a symlink attack on /tmp/unpack.log.

РелизСтатусПримечание
devel

not-affected

6b31-1.13.3-1ubuntu1
esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was not-affected [6b31-1.13.3-1ubuntu1]]
lucid

released

6b31-1.13.3-1ubuntu1~0.10.04.1
precise

released

6b31-1.13.3-1ubuntu1~0.12.04.2
quantal

released

6b31-1.13.3-1ubuntu1~0.12.10.1
saucy

released

6b31-1.13.3-1ubuntu1~0.13.10.1
trusty

not-affected

6b31-1.13.3-1ubuntu1
trusty/esm

DNE

trusty was not-affected [6b31-1.13.3-1ubuntu1]
upstream

needs-triage

Показывать по

РелизСтатусПримечание
devel

released

7u55-2.4.7-1ubuntu1
esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was released [7u55-2.4.7-1ubuntu1]]
lucid

DNE

precise

released

7u55-2.4.7-1ubuntu1~0.12.04.2
quantal

released

7u55-2.4.7-1ubuntu1~0.12.10.1
saucy

released

7u55-2.4.7-1ubuntu1~0.13.10.1
trusty

released

7u55-2.4.7-1ubuntu1
trusty/esm

DNE

trusty was released [7u55-2.4.7-1ubuntu1]
upstream

needs-triage

Показывать по

Ссылки на источники

EPSS

Процентиль: 20%
0.00064
Низкий

4.4 Medium

CVSS2

Связанные уязвимости

redhat логотип

CVE-2014-1876

redhat
больше 11 лет назад

The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 does not securely create temporary files when a log file cannot be opened, which allows local users to overwrite arbitrary files via a symlink attack on /tmp/unpack.log.

nvd логотип

CVE-2014-1876

nvd
больше 11 лет назад

The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 does not securely create temporary files when a log file cannot be opened, which allows local users to overwrite arbitrary files via a symlink attack on /tmp/unpack.log.

debian логотип

CVE-2014-1876

debian
больше 11 лет назад

The unpacker::redirect_stdio function in unpack.cpp in unpack200 in Op ...

github логотип

GHSA-97jm-5rh5-84f8

github
около 3 лет назад

The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 does not securely create temporary files when a log file cannot be opened, which allows local users to overwrite arbitrary files via a symlink attack on /tmp/unpack.log.

fstec логотип

BDU:2014-00434

fstec
больше 11 лет назад

Уязвимость средства разработки приложений Java Development Kit, позволяющая локальному пользователю заменить произвольные файлы

EPSS

Процентиль: 20%
0.00064
Низкий

4.4 Medium

CVSS2