CVE-2014-2524 - Improper Link Resolution Before File Access ('Link Following')

Severity

32%

Complexity

34%

Confidentiality

81%

The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file.

The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file.

CVSS 2.0 Base Score 3.3. CVSS Attack Vector: local. CVSS Attack Complexity: medium. CVSS Vector: (AV:L/AC:M/Au:N/C:N/I:P/A:P).

Overview

First reported 10 years ago

2014-08-20 14:55:00

Last updated 6 years ago

2018-10-30 16:27:00

Affected Software

Mageia 3.0

3.0

Mageia 4.0

4.0

GNU readline 2.1

2.1

GNU readline 2.2

2.2

GNU readline 4.0

4.0

GNU readline 4.1

4.1

GNU readline 4.2

4.2

GNU readline 4.2a

4.2

GNU readline 4.3

4.3

GNU readline 5.0

5.0

GNU readline 5.1

5.1

GNU readline 5.2

5.2

GNU readline 6.0

6.0

GNU readline 6.1

6.1

GNU readline 6.2

6.2

OpenSUSE 12.3

12.3

OpenSUSE 13.1

13.1

Fedora 20

20

References

http://advisories.mageia.org/MGASA-2014-0319.html

Third Party Advisory

[Bug-readline] 20140331 Readline-6.3 Official Patch 3

Patch, Vendor Advisory

openSUSE-SU-2014:1226

Third Party Advisory

[oss-security] 20140314 Insecure usage of temporary files in GNU Readline

Mailing List, Third Party Advisory

[oss-security] 20140317 Re: Insecure usage of temporary files in GNU Readline

Mailing List, Third Party Advisory

MDVSA-2014:154

Broken Link

MDVSA-2015:132

Broken Link

https://bugzilla.redhat.com/show_bug.cgi?id=1077023

Issue Tracking

FEDORA-2014-7523

Third Party Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.