CVE-2014-4039

ppc64-diag 2.6.1 uses 0775 permissions for /tmp/diagSEsnap and does not properly restrict permissions for /tmp/diagSEsnap/snapH.tar.gz, which allows local users to obtain sensitive information by reading files in this archive, as demonstrated by /var/log/messages and /etc/yaboot.conf.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:ppc64-diag_project:ppc64-diag:2.6.1:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:*:*:*

Information

Published : 2014-06-17 08:55

Updated : 2017-01-06 19:00


NVD link : CVE-2014-4039

Mitre link : CVE-2014-4039


JSON object : View

CWE
CWE-264

Permissions, Privileges, and Access Controls

Advertisement

dedicated server usa

Products Affected

suse

  • linux_enterprise_server

ppc64-diag_project

  • ppc64-diag

redhat

  • enterprise_linux_server