Lucene search

[email protected]CVE-2014-4038

HistoryJun 17, 2014 - 3:55 p.m.

CVE-2014-4038

2014-06-1715:55:06

CWE-59

[email protected]

web.nvd.nist.gov

cve-2014-4038

ppc64-diag

symlink attack

file overwrite

nvd

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

6.2 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

ppc64-diag 2.6.1 allows local users to overwrite arbitrary files via a symlink attack related to (1) rtas_errd/diag_support.c and /tmp/get_dt_files, (2) scripts/ppc64_diag_mkrsrc and /tmp/diagSEsnap/snapH.tar.gz, or (3) lpd/test/lpd_ela_test.sh and /var/tmp/ras.

Affected configurations

NVD

Node

suselinux_enterprise_serverMatch11sp3

Node

ppc64-diag_projectppc64-diagMatch2.6.1

Node

redhatenterprise_linux_serverMatch6.0

redhatenterprise_linux_serverMatch7.0

CPENameOperatorVersion
suse:linux_enterprise_serversuse linux enterprise servereq11

CPE	Name	Operator	Version
suse:linux_enterprise_server	suse linux enterprise server	eq	11

References

lists.opensuse.org/opensuse-security-announce/2014-07/msg00018.html

openwall.com/lists/oss-security/2014/06/17/1

rhn.redhat.com/errata/RHSA-2015-0383.html

rhn.redhat.com/errata/RHSA-2015-1320.html

secunia.com/advisories/60616

www.securityfocus.com/bid/68049

bugzilla.novell.com/show_bug.cgi?id=882667

bugzilla.redhat.com/show_bug.cgi?id=1109371

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

6.2 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2014-4038

nvd1 ubuntucve1 veracode2 debiancve1 prion1 cvelist1 suse3 openvas4 redhat2 ibm1