CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS
Percentile
5.1%
Issue Overview:
f2py insecurely uses a temporary file. A local attacker could use this flaw to perform a symbolic link attack to modify an arbitrary file accessible to the user running f2py.
Affected Packages:
numpy
Issue Correction:
Run yum update numpy to update your system.
New Packages:
i686:
numpy-f2py-1.7.2-8.10.amzn1.i686
numpy-debuginfo-1.7.2-8.10.amzn1.i686
numpy-1.7.2-8.10.amzn1.i686
noarch:
numpy-doc-1.7.2-8.10.amzn1.noarch
src:
numpy-1.7.2-8.10.amzn1.src
x86_64:
numpy-1.7.2-8.10.amzn1.x86_64
numpy-f2py-1.7.2-8.10.amzn1.x86_64
numpy-debuginfo-1.7.2-8.10.amzn1.x86_64
Red Hat: CVE-2014-1858, CVE-2014-1859
Mitre: CVE-2014-1858, CVE-2014-1859
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Amazon Linux | 1 | i686 | numpy-f2py | < 1.7.2-8.10.amzn1 | numpy-f2py-1.7.2-8.10.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | numpy-debuginfo | < 1.7.2-8.10.amzn1 | numpy-debuginfo-1.7.2-8.10.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | numpy | < 1.7.2-8.10.amzn1 | numpy-1.7.2-8.10.amzn1.i686.rpm |
Amazon Linux | 1 | noarch | numpy-doc | < 1.7.2-8.10.amzn1 | numpy-doc-1.7.2-8.10.amzn1.noarch.rpm |
Amazon Linux | 1 | x86_64 | numpy | < 1.7.2-8.10.amzn1 | numpy-1.7.2-8.10.amzn1.x86_64.rpm |
Amazon Linux | 1 | x86_64 | numpy-f2py | < 1.7.2-8.10.amzn1 | numpy-f2py-1.7.2-8.10.amzn1.x86_64.rpm |
Amazon Linux | 1 | x86_64 | numpy-debuginfo | < 1.7.2-8.10.amzn1 | numpy-debuginfo-1.7.2-8.10.amzn1.x86_64.rpm |
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS
Percentile
5.1%