CVE-2014-3981

Published: Jun 8, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://support.apple.com/HT204659

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg21683486

x_refsource_CONFIRM

HPSBUX03102

vendor-advisory

x_refsource_HP

HPSBUX03150

vendor-advisory

x_refsource_HP

https://bugs.php.net/bug.php?id=67390

x_refsource_CONFIRM

https://bugzilla.redhat.com/show_bug.cgi?id=1104978

x_refsource_CONFIRM

APPLE-SA-2015-04-08-2

vendor-advisory

x_refsource_APPLE

http://support.apple.com/kb/HT6443

x_refsource_CONFIRM

http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

x_refsource_CONFIRM

SSRT101681

vendor-advisory

x_refsource_HP

20140604 More /tmp fun (PHP, Lynis)

mailing-list

x_refsource_FULLDISC

[oss-security] 20140606 Re: CVE request: PHP configure script and Lynis tool /tmp/ issues reported on full disclosure

mailing-list

x_refsource_MLIST

http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=91bcadd85e20e50d3f8c2e9721327681640e6f16

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2014-3981

Description

Affected Products

References