4.4

CVE-2013-2035

Exploit
Race condition in hawtjni-runtime/src/main/java/org/fusesource/hawtjni/runtime/Library.java in HawtJNI before 1.8, when a custom library path is not specified, allows local users to execute arbitrary Java code by overwriting a temporary JAR file with a predictable name in /tmp.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RedhatHawtjni Version <= 1.7
RedhatHawtjni Version1.0
RedhatHawtjni Version1.1
RedhatHawtjni Version1.2
RedhatHawtjni Version1.3
RedhatHawtjni Version1.4
RedhatHawtjni Version1.5
RedhatHawtjni Version1.6
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.59% 0.44
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.4 3.4 6.4
AV:L/AC:M/Au:N/C:P/I:P/A:P
CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

http://rhn.redhat.com/errata/RHSA-2013-1029.html
http://rhn.redhat.com/errata/RHSA-2013-1784.html
http://rhn.redhat.com/errata/RHSA-2013-1785.html
http://rhn.redhat.com/errata/RHSA-2013-1786.html
http://rhn.redhat.com/errata/RHSA-2014-0029.html
http://rhn.redhat.com/errata/RHSA-2014-0245.html
http://rhn.redhat.com/errata/RHSA-2014-0254.html
http://rhn.redhat.com/errata/RHSA-2014-0400.html
http://rhn.redhat.com/errata/RHSA-2015-0034.html
http://secunia.com/advisories/53415
http://secunia.com/advisories/54108
http://secunia.com/advisories/57915
http://www.osvdb.org/93411
http://www.securitytracker.com/id/1029431
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2035
https://github.com/fusesource/hawtjni/commit/92c266170ce98edc200c656bd034a237098b8aa5
Patch
Exploit
https://github.com/jline/jline2/issues/85
https://github.com/jruby/jruby/issues/732