ppc64-diag is vulnerable to arbitrary file overwrite. Multiple insecure temporary file use flaws were found in the way the ppc64-diag utility created certain temporary files. A local attacker could possibly use any of these flaws to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running ppc64-diag, or obtain sensitive information from the temporary files.

| CPE | Name | Operator | Version |
|---|---|---|---|
| | ppc64-diag | eq | 2.6.6__2.el6 |
| | ppc64-diag | eq | 2.4.2__10.el6 |
| | ppc64-diag | eq | 2.5.0__2.el6 |

lists.opensuse.org/opensuse-security-announce/2014-07/msg00018.html
openwall.com/lists/oss-security/2014/06/17/1
rhn.redhat.com/errata/RHSA-2015-0383.html
rhn.redhat.com/errata/RHSA-2015-1320.html
secunia.com/advisories/60616
www.securityfocus.com/bid/68049
access.redhat.com/security/updates/classification/#moderate
bugzilla.novell.com/show_bug.cgi?id=882667
bugzilla.redhat.com/show_bug.cgi?id=1109371
bugzilla.redhat.com/show_bug.cgi?id=1131501