1 results (0.002 seconds)
CVSS: 5.5EPSS: 0%CPEs: 19EXPL: 0
CVSS: 5.5EPSS: 0%CPEs: 19EXPL: 0CVE-2014-2524 – Mandriva Linux Security Advisory 2014-154
https://notcve.org/view.php?id=CVE-2014-2524
08 Aug 2014 — The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file. La función _rl_tropen en util.c en GNU readline anterior a 6.3 patch 3 permite a usuarios locales crear o sobrescribir ficheros arbitrarios a través de un ataque de enlace simbólico sobre un fichero /var/tmp/rltrace.[PID]. Steve Kemp discovered the _rl_tropen() function in readline insecurely handled a temporary file. • http://advisories.mageia.org/MGASA-2014-0319.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •