Lucene search
Ubuntu.comUB:CVE-2014-0027HistoryJan 26, 2014 - 12:00 a.m.
CVE-2014-0027
2014-01-2600:00:00
ubuntu.com
ubuntu.com
10
3.3 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:P/A:N
0.0004 Low
EPSS
Percentile
5.2%
The play_wave_from_socket function in audio/auserver.c in Flite 1.4 allows
local users to modify arbitrary files via a symlink attack on /tmp/awb.wav.
NOTE: some of these details are obtained from third party information.
Bugs
Notes
| Author | Note |
|---|---|
| mdeslaur | not only does Yama protect the temp file against misuse, but the Debian bug states that nothing in the archive uses the insecure function. |
Related
fedora
fedora
[SECURITY] Fedora 19 Update: flite-1.3-20.fc19
2014-02-05 03:38:40
[SECURITY] Fedora 20 Update: flite-1.3-21.fc20
2014-02-05 03:43:28
cvelist
cvelist
CVE-2014-0027
2014-01-26 01:00:00
nessus
nessus
Mandriva Linux Security Advisory : flite (MDVSA-2014:032)
2014-02-16 00:00:00
Fedora 19 : flite-1.3-20.fc19 (2014-0574)
2014-02-05 00:00:00
Fedora 20 : flite-1.3-21.fc20 (2014-0579)
2014-02-05 00:00:00
prion
prion
Information disclosure
2014-01-26 01:55:00
mageia
mageia
Updated flite package fixes CVE-2014-0027
2014-02-11 00:14:25
securityvulns
securityvulns
flite symbolic links vulnerability
2014-02-18 00:00:00
[ MDVSA-2014:032 ] flite
2014-02-18 00:00:00
cve
cve
CVE-2014-0027
2014-01-26 01:55:00
seebug
seebug
Flite 'play_wave_from_socket()'不安全临时文件创建漏洞
2014-02-10 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2014-0047)
2022-01-28 00:00:00
debiancve
debiancve
CVE-2014-0027
2014-01-26 01:55:00
3.3 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:P/A:N
0.0004 Low
EPSS
Percentile
5.2%
Related for UB:CVE-2014-0027