3.3

CVE-2014-0027

The play_wave_from_socket function in audio/auserver.c in Flite 1.4 allows local users to modify arbitrary files via a symlink attack on /tmp/awb.wav.  NOTE: some of these details are obtained from third party information.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CmuFlite Version1.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.33% 0.247
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 3.3 3.4 4.9
AV:L/AC:M/Au:N/C:P/I:P/A:N
CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127748.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127776.html
http://seclists.org/oss-sec/2014/q1/59
http://www.mandriva.com/security/advisories?name=MDVSA-2014:032
http://www.osvdb.org/101948
http://www.securityfocus.com/bid/64791
https://bugzilla.redhat.com/show_bug.cgi?id=1048678