CVE-2014-1876

Published Feb 10, 2014

Last updated 7 years ago

Overview

Description: The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 does not securely create temporary files when a log file cannot be opened, which allows local users to overwrite arbitrary files via a symlink attack on /tmp/unpack.log.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.4
Impact score: 6.4
Exploitability score: 3.4
Vector string: AV:L/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-59

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3A6505E4-8E6A-4888-8B9C-2B2C10546CB6"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:1.7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "662D4C81-DD97-4A36-8F15-CCE6ADA6456E"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:1.8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2CA81243-2FC7-481B-AFD8-067E3EC9DF77"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References