213 matches found
Design/Logic Flaw
The rltropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.PID file...
CVE-2014-2524
CVE-2014-2524 affects the GNU readline library, specifically the _rl_tropen function in util.c prior to 6.3 patch 3. A local attacker can exploit a symlink to create or overwrite arbitrary files via /var/tmp/rltrace.[PID]. This is a local privilege escalation/vector issue. The documented remediat...
CVE-2014-2524
The rltropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.PID file...
readline library symbolic links vulnerability
Symbolic links vulnerability in rltropen...
Mandriva Linux Security Advisory : readline (MDVSA-2014:154)
Updated readline packages fix security vulnerability : Steve Kemp discovered the rltropen function in readline insecurely handled a temporary file. This could allow a local attacker to perform symbolic link attacks CVE-2014-2524. Also, upstream patches have been added to fix an infinite loop in v...
MGASA-2014-0319 Updated readline packages fix security vulnerability
Steve Kemp discovered the rltropen function in readline insecurely handled a temporary file. This could allow a local attacker to perform symbolic link attacks CVE-2014-2524. Also, upstream patches have been added to fix an infinite loop in vi input mode, and to fix an issue with slowness when...
Updated readline packages fix security vulnerability
Steve Kemp discovered the rltropen function in readline insecurely handled a temporary file. This could allow a local attacker to perform symbolic link attacks CVE-2014-2524. Also, upstream patches have been added to fix an infinite loop in vi input mode, and to fix an issue with slowness when...
Fedora Update for readline FEDORA-2014-7523
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 20 Update: readline-6.2-10.fc20
The Readline library provides a set of functions that allow users to edit command lines. Both Emacs and vi editing modes are available. The Readline library includes additional functions for maintaining a list of previously-entered command lines for recalling or editing those lines, and for...
Fedora 20 : readline-6.2-10.fc20 (2014-7523)
readline in Fedora is very slow when rleventhook is used, this update fix it. Security patch for debug functions Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it ...
creLoaded <= 6.15 (HTMLAREA) Automated Perl Exploit
No description provided by source. !/usr/bin/perl creLoaded = 6.15 HTMLAREA automated perl exploit hacked up by kaneda [email protected] Rather simple exploit, but still an exploit nonetheless. Attempts to upload php script and utilise that to execute commands, and show off a fake shell. C...
Fedora Update for mingw-readline FEDORA-2014-6820
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for mingw-readline FEDORA-2014-6866
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Low: readline
Issue Overview: The rltropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.PID file. Affected Packages: readline Issue Correction: Run yum update readline or yum update --advisory...
openSUSE Security Update : aaa_base (openSUSE-SU-2013:1955-1)
On systems installed via the Live Media that /etc/shadow file was readable by the 'users' group, which was not intended. bnc843230, CVE-2013-3713 Reason for this was that the user 'root' was put into the 'users' group. Also a commandline completion bug was fixed : - Use only bash and readline...
[SECURITY] Fedora 19 Update: mingw-readline-6.2-4.fc19
The Readline library provides a set of functions that allow users to edit command lines. Both Emacs and vi editing modes are available. The Readline library includes additional functions for maintaining a list of previously-entered command lines for recalling or editing those lines, and for...
Fedora 19 : mingw-readline-6.2-4.fc19 (2014-6866)
Fix CVE-2014-2524 RHBZ 1077035 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C...
Fedora 20 : mingw-readline-6.2-4.fc20 (2014-6820)
Fix CVE-2014-2524 RHBZ 1077035 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C...
UBUNTU-CVE-2013-1752
Rejected reason: Various versions of Python do not properly restrict readline calls, which allows remote attackers to cause a denial of service memory consumption via a long string, related to 1 httplib - fixed in 2.7.4, 2.6.9, and 3.3.3; 2 ftplib - fixed in 2.7.6, 2.6.9, 3.3.3; 3 imaplib - not y...
CVE-2013-1752
Rejected reason: Various versions of Python do not properly restrict readline calls, which allows remote attackers to cause a denial of service memory consumption via a long string, related to 1 httplib - fixed in 2.7.4, 2.6.9, and 3.3.3; 2 ftplib - fixed in 2.7.6, 2.6.9, 3.3.3; 3 imaplib - not y...