Lucene search

[email protected]NVD:CVE-2014-0027

HistoryJan 26, 2014 - 1:55 a.m.

CVE-2014-0027

2014-01-2601:55:19

CWE-59

[email protected]

web.nvd.nist.gov

CVSS2

3.3

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:P/A:N

AI Score

6.1

Confidence

Low

EPSS

Percentile

5.1%

JSON

The play_wave_from_socket function in audio/auserver.c in Flite 1.4 allows local users to modify arbitrary files via a symlink attack on /tmp/awb.wav. NOTE: some of these details are obtained from third party information.

Affected configurations

Nvd

Node

cmufliteMatch1.4

References

lists.fedoraproject.org/pipermail/package-announce/2014-February/127748.html

lists.fedoraproject.org/pipermail/package-announce/2014-February/127776.html

seclists.org/oss-sec/2014/q1/59

www.mandriva.com/security/advisories?name=MDVSA-2014:032

www.osvdb.org/101948

www.securityfocus.com/bid/64791

bugzilla.redhat.com/show_bug.cgi?id=1048678

CVSS2

3.3

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:P/A:N

AI Score

6.1

Confidence

Low

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2014-0027

nessus3 prion1 mageia1 fedora2 cvelist1 securityvulns2 debiancve1 openvas1 seebug1 ubuntucve1 cve1