CVE-2013-4159

2014-08-0618:55:00

CWE-264

[email protected]

web.nvd.nist.gov

ctdb

opensuse

vulnerability

temp file

security

nvd

cve-2013-4159

6.4 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.009 Low

EPSS

Percentile

82.5%

JSON

ctdb before 2.3 in OpenSUSE 12.3 and 13.1 does not create temporary files securely, which has unspecified impact related to “several temp file vulnerabilities” in (1) tcp/tcp_connect.c, (2) server/eventscript.c, (3) tools/ctdb_diagnostics, (4) config/gdb_backtrace, and (5) include/ctdb_private.h.

CPENameOperatorVersion
ctdb_project:ctdbctdb project ctdbeq2.1
opensuse:opensuseopensuseeq12.3
ctdb_project:ctdbctdb project ctdble2.2
ctdb_project:ctdbctdb project ctdbeq2.0
opensuse:opensuseopensuseeq13.1
mageia:mageiamageiaeq3.0
mageia:mageiamageiaeq4.0

CPE	Name	Operator	Version
ctdb_project:ctdb	ctdb project ctdb	eq	2.1
opensuse:opensuse	opensuse	eq	12.3
ctdb_project:ctdb	ctdb project ctdb	le	2.2
ctdb_project:ctdb	ctdb project ctdb	eq	2.0
opensuse:opensuse	opensuse	eq	13.1
mageia:mageia	mageia	eq	3.0
mageia:mageia	mageia	eq	4.0