Lucene search

K

Ubuntu.comUB:CVE-2014-1639

HistoryJan 28, 2014 - 12:00 a.m.

CVE-2014-1639

2014-01-2800:00:00

ubuntu.com

ubuntu.com

14

CVSS2

3.3

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:P/A:P

EPSS

0

Percentile

5.1%

syncevo/installcheck-local.sh in syncevolution before 1.3.99.7 uses mktemp
to create a safe temporary file but appends a suffix to the original
filename and writes to this new filename, which allows local users to
overwrite arbitrary files via a symlink attack on the new filename.

Bugs

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736357>

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=736357

www.openwall.com/lists/oss-security/2014/01/22/3

www.openwall.com/lists/oss-security/2014/01/22/4

xforce.iss.net/xforce/xfdb/90662

launchpad.net/bugs/cve/CVE-2014-1639

nvd.nist.gov/vuln/detail/CVE-2014-1639

security-tracker.debian.org/tracker/CVE-2014-1639

www.cve.org/CVERecord?id=CVE-2014-1639

CVSS2

3.3

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:P/A:P

EPSS

0

Percentile

5.1%

Related for UB:CVE-2014-1639

debiancve1 nessus2 openvas4 cvelist1 nvd1 fedora2 prion1 cve1