10 matches found
SUSE: Security Advisory (SUSE-SU-2014:0928-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Privilege Escalation
The ppc64-diag packages provide diagnostic tools for Linux on the 64-bit PowerPC platforms. The platform diagnostics write events reported by the firmware to the service log, provide automated responses to urgent events, and notify system administrators or connected service frameworks about the...
Security Bulletin: PowerKVM is affected by ppc64-diag and powerpc-utils vulnerabilities (Multiple CVEs)
Summary PowerKVM is affected by multiple vulnerabilities in ppc64-diag and powerpc-utils. Vulnerability Details CVEID: CVE-2014-4038 DESCRIPTION: ppc64-diag could allow a local attacker to launch a symlink attack. lpdelatest.sh creates temporary files insecurely. A local attacker could exploit th...
openSUSE: Security Advisory for ppc64-diag (openSUSE-SU-2014:0953-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE: Security Advisory for ppc64-diag (openSUSE-SU-2014:0953-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
ppc64-diag: fix for tmp races and information disclosure (important)
ppc64-diag was updated to fix tmp race issues CVE-2014-4038 and a file disclosure problem in snapshot tarball generation CVE-2014-4039...
ppc64-diag: fix for tmp races and information disclosure (important)
ppc64-diag was updated to fix tmp race issues CVE-2014-4038 and a file disclosure problem in snapshot tarball generation CVE-2014-4039...
CVE-2014-4038
ppc64-diag 2.6.1 allows local users to overwrite arbitrary files via a symlink attack related to 1 rtaserrd/diagsupport.c and /tmp/getdtfiles, 2 scripts/ppc64diagmkrsrc and /tmp/diagSEsnap/snapH.tar.gz, or 3 lpd/test/lpdelatest.sh and /var/tmp/ras...
CVE-2014-4038
ppc64-diag 2.6.1 allows local users to overwrite arbitrary files via a symlink attack related to 1 rtaserrd/diagsupport.c and /tmp/getdtfiles, 2 scripts/ppc64diagmkrsrc and /tmp/diagSEsnap/snapH.tar.gz, or 3 lpd/test/lpdelatest.sh and /var/tmp/ras...
CVE-2014-4038
CVE-2014-4038 affects the ppc64-diag tool on Red Hat Enterprise Linux 6/7 via insecure temporary file handling that enables a local attacker to perform a symlink attack and overwrite arbitrary files with the user’s privileges. The issue is fixed by upgrading to upstream ppc64-diag version 2.6.7 (...