3.3

CVE-2014-2524

The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file.

Data is provided by the National Vulnerability Database (NVD)
MageiaMageia Version3.0
MageiaMageia Version4.0
GnuReadline Version <= 6.3
GnuReadline Version2.1
GnuReadline Version2.2
GnuReadline Version4.0
GnuReadline Version4.1
GnuReadline Version4.2
GnuReadline Version4.2 Updatea
GnuReadline Version4.3
GnuReadline Version5.0
GnuReadline Version5.1
GnuReadline Version5.2
GnuReadline Version6.0
GnuReadline Version6.1
GnuReadline Version6.2
OpensuseOpensuse Version12.3
OpensuseOpensuse Version13.1
FedoraprojectFedora Version20
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.16% 0.371
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 3.3 3.4 4.9
AV:L/AC:M/Au:N/C:N/I:P/A:P
CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

http://seclists.org/oss-sec/2014/q1/579
Third Party Advisory
Mailing List
http://seclists.org/oss-sec/2014/q1/587
Third Party Advisory
Mailing List