CVE-2014-2524

Published: Aug 20, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

MDVSA-2014:154

vendor-advisory

x_refsource_MANDRIVA

openSUSE-SU-2014:1226

vendor-advisory

x_refsource_SUSE

https://bugzilla.redhat.com/show_bug.cgi?id=1077023

x_refsource_MISC

FEDORA-2014-7523

vendor-advisory

x_refsource_FEDORA

[oss-security] 20140317 Re: Insecure usage of temporary files in GNU Readline

mailing-list

x_refsource_MLIST

MDVSA-2015:132

vendor-advisory

x_refsource_MANDRIVA

http://advisories.mageia.org/MGASA-2014-0319.html

x_refsource_CONFIRM

[Bug-readline] 20140331 Readline-6.3 Official Patch 3

mailing-list

x_refsource_MLIST

[oss-security] 20140314 Insecure usage of temporary files in GNU Readline

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2014-2524

Description

Affected Products

References