CVSS2: 4.4 Medium

Metric | Value |
---|---|
Access Vector | LOCAL |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

EPSS: 0.0004 Low (Percentile: 9.4%)

The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK
6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and
R28.3.1; and Java SE Embedded 7u51 does not securely create temporary files
when a log file cannot be opened, which allows local users to overwrite
arbitrary files via a symlink attack on /tmp/unpack.log.
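
The failure mode described above, as an added example (not OpenJDK's code or its patch): a fixed log name opened with `fopen()` beside an open that refuses a pre-existing name or symlink. The function names, the scratch directory and the file contents are constructed for illustration.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Vulnerable pattern: a fixed name in a shared directory, opened with
 * fopen(), which follows symlinks and truncates whatever they point to. */
static FILE *open_log_unsafe(const char *path) {
    return fopen(path, "w");
}

/* Hardened pattern: O_EXCL fails if the name already exists (including as
 * a symlink), O_NOFOLLOW refuses a symlink in the final path component,
 * and mode 0600 keeps the log private to its owner. */
static FILE *open_log_safe(const char *path) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    return fd < 0 ? NULL : fdopen(fd, "w");
}

static long file_size(const char *p) {
    struct stat st;
    return stat(p, &st) == 0 ? (long)st.st_size : -1;
}

/* Constructed scenario in a private scratch directory: "unpack.log" already
 * exists as a symlink to "victim". Returns 1 if the safe open refuses it
 * (victim intact) and the unsafe open then truncates the victim. */
int demo_symlink_log(void) {
    char dir[] = "/tmp/logdemo.XXXXXX", victim[64], logp[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(logp, sizeof logp, "%s/unpack.log", dir);
    FILE *v = fopen(victim, "w");
    if (!v) return -1;
    fputs("important data\n", v);               /* 15 bytes */
    fclose(v);
    if (symlink(victim, logp) != 0) return -1;

    FILE *s = open_log_safe(logp);              /* expected: NULL */
    int refused = (s == NULL && file_size(victim) == 15);
    if (s) fclose(s);
    FILE *u = open_log_unsafe(logp);            /* follows link, truncates */
    if (u) fclose(u);
    int clobbered = (file_size(victim) == 0);
    unlink(logp); unlink(victim); rmdir(dir);
    return refused && clobbered;
}
```

On Linux, the `fs.protected_symlinks` sysctl additionally restricts following such links in sticky world-writable directories like /tmp, but the application-level fix does not depend on it.
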

Author | Note |
---|---|
mdeslaur | in lucid+, NetX and the plugin moved to the icedtea-web package |
jdstrand | sun-java6 is not redistributable, no longer in the archive and no longer tracked; sun-java5 is EOL upstream and no longer tracked |

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 10.04 | noarch | openjdk-6 | < 6b31-1.13.3-1ubuntu1~0.10.04.1 | UNKNOWN |
ubuntu | 12.04 | noarch | openjdk-6 | < 6b31-1.13.3-1ubuntu1~0.12.04.2 | UNKNOWN |
ubuntu | 12.10 | noarch | openjdk-6 | < 6b31-1.13.3-1ubuntu1~0.12.10.1 | UNKNOWN |
ubuntu | 13.10 | noarch | openjdk-6 | < 6b31-1.13.3-1ubuntu1~0.13.10.1 | UNKNOWN |
ubuntu | 12.04 | noarch | openjdk-7 | < 7u55-2.4.7-1ubuntu1~0.12.04.2 | UNKNOWN |
ubuntu | 12.10 | noarch | openjdk-7 | < 7u55-2.4.7-1ubuntu1~0.12.10.1 | UNKNOWN |
ubuntu | 13.10 | noarch | openjdk-7 | < 7u55-2.4.7-1ubuntu1~0.13.10.1 | UNKNOWN |
ubuntu | 14.04 | noarch | openjdk-7 | < 7u55-2.4.7-1ubuntu1 | UNKNOWN |

bugs.debian.org/cgi-bin/bugreport.cgi?bug=737562
osvdb.org/102808
seclists.org/oss-sec/2014/q1/242
seclists.org/oss-sec/2014/q1/285
bugzilla.redhat.com/show_bug.cgi?id=1060907
launchpad.net/bugs/cve/CVE-2014-1876
nvd.nist.gov/vuln/detail/CVE-2014-1876
security-tracker.debian.org/tracker/CVE-2014-1876
ubuntu.com/security/notices/USN-2187-1
ubuntu.com/security/notices/USN-2191-1
www.cve.org/CVERecord?id=CVE-2014-1876