Lucene search

K
cve[email protected]CVE-2014-1639
HistoryJan 28, 2014 - 12:55 a.m.

CVE-2014-1639

2014-01-2800:55:04
CWE-59
web.nvd.nist.gov
17
cve-2014-1639
syncevolution
installcheck
local
security
vulnerability
nvd

6.2 Medium

AI Score

Confidence

Low

3.3 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:P/A:P

0.0004 Low

EPSS

Percentile

5.1%

syncevo/installcheck-local.sh in syncevolution before 1.3.99.7 uses mktemp to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwrite arbitrary files via a symlink attack on the new filename.

Affected configurations

NVD
Node
debiansyncevolutionRange1.3.99.6

6.2 Medium

AI Score

Confidence

Low

3.3 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:P/A:P

0.0004 Low

EPSS

Percentile

5.1%