Lucene search
HistoryJan 28, 2014 - 12:55 a.m.
CVE-2014-1639
cve-2014-1639
syncevolution
installcheck
local
security
vulnerability
nvd
6.2 Medium
AI Score
Confidence
Low
3.3 Low
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:N/I:P/A:P
0.0004 Low
EPSS
Percentile
5.2%
syncevo/installcheck-local.sh in syncevolution before 1.3.99.7 uses mktemp to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwrite arbitrary files via a symlink attack on the new filename.
Affected configurations
Node
debiansyncevolutionRange≤1.3.99.6
| CPE | Name | Operator | Version |
|---|---|---|---|
| debian:syncevolution | debian syncevolution | le | 1.3.99.6 |
Related
openvas
openvas
Fedora Update for syncevolution FEDORA-2014-5186
2014-05-02 00:00:00
Fedora Update for syncevolution FEDORA-2014-5236
2014-05-02 00:00:00
Fedora Update for syncevolution FEDORA-2014-5236
2014-05-02 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: syncevolution-1.4.1-1.fc19
2014-04-27 09:08:49
[SECURITY] Fedora 20 Update: syncevolution-1.4.1-1.fc20
2014-04-24 07:41:41
nessus
nessus
Fedora 20 : syncevolution-1.4.1-1.fc20 (2014-5186)
2014-04-25 00:00:00
Fedora 19 : syncevolution-1.4.1-1.fc19 (2014-5236)
2014-04-28 00:00:00
debiancve
debiancve
CVE-2014-1639
2014-01-28 00:55:04
nvd
nvd
CVE-2014-1639
2014-01-28 00:55:04
cvelist
cvelist
CVE-2014-1639
2014-01-28 00:00:00
prion
prion
Code injection
2014-01-28 00:55:00
ubuntucve
ubuntucve
CVE-2014-1639
2014-01-28 00:00:00
6.2 Medium
AI Score
Confidence
Low
3.3 Low
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:N/I:P/A:P
0.0004 Low
EPSS
Percentile
5.2%
Related for CVE-2014-1639