Lucene search
HistoryJun 17, 2014 - 3:55 p.m.
CVE-2014-4039
cve-2014-4039
ppc64-diag
permissions
sensitive information disclosure
nvd
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
5.6 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
ppc64-diag 2.6.1 uses 0775 permissions for /tmp/diagSEsnap and does not properly restrict permissions for /tmp/diagSEsnap/snapH.tar.gz, which allows local users to obtain sensitive information by reading files in this archive, as demonstrated by /var/log/messages and /etc/yaboot.conf.
Affected configurations
Node
redhatenterprise_linux_serverMatch6.0
ORredhatenterprise_linux_serverMatch7.0
Node
ppc64-diag_projectppc64-diagMatch2.6.1
Node
suselinux_enterprise_serverMatch11sp3
References
Related
prion
prion
Design/Logic Flaw
2014-06-17 15:55:00
nvd
nvd
CVE-2014-4039
2014-06-17 15:55:06
debiancve
debiancve
CVE-2014-4039
2014-06-17 15:55:06
cvelist
cvelist
CVE-2014-4039
2014-06-17 15:00:00
ubuntucve
ubuntucve
CVE-2014-4039
2014-06-17 00:00:00
openvas
openvas
openSUSE: Security Advisory for ppc64-diag (openSUSE-SU-2014:0953-2)
2014-08-05 00:00:00
openSUSE: Security Advisory for ppc64-diag (openSUSE-SU-2014:0953-1)
2014-08-05 00:00:00
SUSE: Security Advisory for ppc64-diag (SUSE-SU-2014:0928-1)
2015-10-13 00:00:00
redhat
redhat
suse
suse
ppc64-diag: fix for tmp races and information disclosure (important)
2014-07-30 21:20:51
ppc64-diag: fix for tmp races and information disclosure (important)
2014-07-31 08:19:46
Security update for ppc64-diag (important)
2014-07-23 23:04:53
veracode
veracode
Privilege Escalation
2019-05-02 05:41:01
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
5.6 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
Related for CVE-2014-4039