// For flags

CVE-2014-1876

OpenJDK: insecure temporary file use in unpack200 (Libraries, 8033618)

Severity Score

9.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 does not securely create temporary files when a log file cannot be opened, which allows local users to overwrite arbitrary files via a symlink attack on /tmp/unpack.log.

La función unpacker::redirect_stdio en unpack.cpp en unpack200 en OpenJDK 6, 7 y 8; Oracle Java SE 5.0u61, 6u71, 7u51 y 8; JRockit R27.8.1 y R28.3.1; y Java SE Embedded 7u51 no crea de manera segura archivos temporales cuando un archivo de registro no puede abrirse, lo que permite a usuarios locales sobreescribir archivos arbitrarios a través de un ataque de enlace simbólico en /tmp/unpack.log.

The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
Attack Vector
Local
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2014-02-06 CVE Reserved
  • 2014-02-10 CVE Published
  • 2024-08-06 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-59: Improper Link Resolution Before File Access ('Link Following')
  • CWE-377: Insecure Temporary File
CAPEC
References (23)
URL Tag Source
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737562 X_refsource_misc
http://osvdb.org/102808 Vdb Entry
http://seclists.org/oss-sec/2014/q1/242 Mailing List
http://seclists.org/oss-sec/2014/q1/285 Mailing List
http://secunia.com/advisories/58415 Third Party Advisory
http://secunia.com/advisories/59058 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21672080 X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21676746 X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21679713 X_refsource_confirm
http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html X_refsource_confirm
http://www.securityfocus.com/bid/65568 Vdb Entry
URL Date SRC
URL Date SRC
URL Date SRC
http://marc.info/?l=bugtraq&m=140852886808946&w=2 2018-01-05
http://marc.info/?l=bugtraq&m=140852974709252&w=2 2018-01-05
http://rhn.redhat.com/errata/RHSA-2014-0675.html 2018-01-05
http://rhn.redhat.com/errata/RHSA-2014-0685.html 2018-01-05
http://security.gentoo.org/glsa/glsa-201406-32.xml 2018-01-05
http://www.debian.org/security/2014/dsa-2912 2018-01-05
http://www.ubuntu.com/usn/USN-2187-1 2018-01-05
http://www.ubuntu.com/usn/USN-2191-1 2018-01-05
https://access.redhat.com/errata/RHSA-2014:0413 2018-01-05
https://access.redhat.com/errata/RHSA-2014:0414 2018-01-05
https://bugzilla.redhat.com/show_bug.cgi?id=1060907 2014-07-29
https://access.redhat.com/security/cve/CVE-2014-1876 2014-07-29
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Oracle
Search vendor "Oracle"
 Openjdk
Search vendor "Oracle" for product "Openjdk"
 1.6.0
Search vendor "Oracle" for product "Openjdk" and version "1.6.0"
-
Affected
Oracle
Search vendor "Oracle"
 Openjdk
Search vendor "Oracle" for product "Openjdk"
 1.7.0
Search vendor "Oracle" for product "Openjdk" and version "1.7.0"
-
Affected
Oracle
Search vendor "Oracle"
 Openjdk
Search vendor "Oracle" for product "Openjdk"
 1.8.0
Search vendor "Oracle" for product "Openjdk" and version "1.8.0"
-
Affected