CVE-2014-2524

The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:o:mageia:mageia:4.0:*:*:*:*:*:*:*
cpe:2.3:o:mageia:mageia:3.0:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:gnu:readline:5.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:readline:5.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:readline:5.0:*:*:*:*:*:*:*
cpe:2.3:a:gnu:readline:4.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:readline:*:*:*:*:*:*:*:*
cpe:2.3:a:gnu:readline:6.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:readline:4.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:readline:4.0:*:*:*:*:*:*:*
cpe:2.3:a:gnu:readline:2.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:readline:2.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:readline:6.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:readline:4.2:a:*:*:*:*:*:*
cpe:2.3:a:gnu:readline:6.0:*:*:*:*:*:*:*
cpe:2.3:a:gnu:readline:4.1:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*

Information

Published : 2014-08-20 07:55

Updated : 2018-10-30 09:27


NVD link : CVE-2014-2524

Mitre link : CVE-2014-2524


JSON object : View

CWE
CWE-59

Improper Link Resolution Before File Access ('Link Following')

Advertisement

dedicated server usa

Products Affected

fedoraproject

  • fedora

mageia

  • mageia

opensuse

  • opensuse

gnu

  • readline