Amazon ALAS-2014-356
Jun 15, 2014 - 4:19 p.m.

Low: perltidy

2014-06-15 16:19:00
alas.aws.amazon.com

CVSS2: 3.6

    Attack Vector: LOCAL
    Attack Complexity: LOW
    Authentication: NONE
    Confidentiality Impact: PARTIAL
    Integrity Impact: PARTIAL
    Availability Impact: NONE
    Vector: AV:L/AC:L/Au:N/C:P/I:P/A:N

CVSS3: 7.1

    Attack Vector: LOCAL
    Attack Complexity: LOW
    Privileges Required: LOW
    User Interaction: NONE
    Scope: UNCHANGED
    Confidentiality Impact: HIGH
    Integrity Impact: HIGH
    Availability Impact: NONE
    Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

EPSS: 0

    Percentile: 5.1%

Issue Overview:

It was discovered that perltidy’s make_temporary_filename() function insecurely created temporary files via the use of the tmpnam() function. A local attacker could use this flaw to perform a symbolic link attack.
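
Why a temporary name chosen first and opened second is unsafe, next to atomic creation. This is an added example, not perltidy's or Amazon's code. The sandbox directory, the file names (including `perltidy.TMP`) and the helper subs are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example, not perltidy code: name-then-open vs. atomic creation.
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Temp qw(tempdir tempfile);

# Constructed sandbox: a private directory stands in for a shared /tmp.
my $dir    = tempdir(CLEANUP => 1);
my $victim = "$dir/victim.txt";     # a file the user running the tool can write
my $guess  = "$dir/perltidy.TMP";   # hypothetical predictable temporary name

open(my $v, '>', $victim) or die "victim: $!";
print {$v} "original\n";
close $v;
# The predictable name already exists as a symlink before the tool runs.
symlink($victim, $guess) or die "symlink: $!";

# Pattern 1: take a name (as tmpnam() hands one out), then open it.
# open '>' follows the symlink and truncates whatever it points to.
sub write_name_then_open {
    my ($path, $data) = @_;
    open(my $fh, '>', $path) or return 0;
    print {$fh} $data;
    close $fh;
    return 1;
}

# Pattern 2: O_CREAT|O_EXCL creates the file atomically and fails with
# EEXIST if the name already exists, including when it is a symlink.
sub write_exclusive {
    my ($path, $data) = @_;
    sysopen(my $fh, $path, O_WRONLY | O_CREAT | O_EXCL, 0600) or return 0;
    print {$fh} $data;
    close $fh;
    return 1;
}

sub slurp { open(my $fh, '<', $_[0]) or die $!; local $/; my $c = <$fh>; return $c }

my $ok = write_exclusive($guess, "tidy output\n");
printf "exclusive create: %s; victim = %s", ($ok ? "opened" : "refused"), slurp($victim);

write_name_then_open($guess, "tidy output\n");
printf "name-then-open:   victim = %s", slurp($victim);

# File::Temp picks the name and performs the exclusive open in one step.
my ($fh, $safe) = tempfile('perltidyXXXXXXXX', DIR => $dir, UNLINK => 1);
printf "File::Temp created %s with mode %04o\n", $safe, (stat $fh)[2] & 07777;
```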

Affected Packages:

perltidy

Issue Correction:
Run yum update perltidy to update your system.

New Packages:

noarch:  
    perltidy-20121207-3.8.amzn1.noarch  
  
src:  
    perltidy-20121207-3.8.amzn1.src  

Additional References

Red Hat: CVE-2014-2277

Mitre: CVE-2014-2277

OS | Version | Architecture | Package | Version | Filename
Amazon Linux | 1 | noarch | perltidy | < 20121207-3.8.amzn1 | perltidy-20121207-3.8.amzn1.noarch.rpm
