Lucene search

K

MitreCVELIST:CVE-2014-1640

HistoryJan 28, 2014 - 12:00 a.m.

CVE-2014-1640

2014-01-2800:00:00

mitre

www.cve.org

4

AI Score

6.3

Confidence

High

EPSS

0

Percentile

5.1%

axiom-test.sh in axiom 20100701-1.1 uses tempfile to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwrite arbitrary files via a symlink attack on the new filename.

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=736358

www.openwall.com/lists/oss-security/2014/01/22/3

www.openwall.com/lists/oss-security/2014/01/22/4

www.osvdb.org/102383

exchange.xforce.ibmcloud.com/vulnerabilities/90663

AI Score

6.3

Confidence

High

EPSS

0

Percentile

5.1%

Related for CVELIST:CVE-2014-1640

ubuntucve1 cve1 nvd1 debiancve1 prion1