Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2014-1876

The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 does not securely create temporary files when a log file cannot be opened, which allows local users to overwrite arbitrary files via a symlink attack on /tmp/unpack.log.

Published

2014-02-10T23:55:05.103

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 4.4 (MEDIUM)

CVSSv2 Vector

AV:L/AC:M/Au:N/C:P/I:P/A:P

Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

3.4

Impact Score

6.4

Weaknesses

Type: Primary
CWE-59

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	oracle	openjdk	1.6.0	Yes
Application	oracle	openjdk	1.7.0	Yes
Application	oracle	openjdk	1.8.0	Yes

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737562 ([email protected])
http://marc.info/?l=bugtraq&m=140852886808946&w=2 ([email protected])
http://marc.info/?l=bugtraq&m=140852886808946&w=2 ([email protected])
http://marc.info/?l=bugtraq&m=140852974709252&w=2 ([email protected])
http://marc.info/?l=bugtraq&m=140852974709252&w=2 ([email protected])
http://osvdb.org/102808 ([email protected])
http://rhn.redhat.com/errata/RHSA-2014-0675.html ([email protected])
http://rhn.redhat.com/errata/RHSA-2014-0685.html ([email protected])
http://seclists.org/oss-sec/2014/q1/242 ([email protected])
http://seclists.org/oss-sec/2014/q1/285 ([email protected])
http://secunia.com/advisories/58415 ([email protected])
http://secunia.com/advisories/59058 ([email protected])
http://security.gentoo.org/glsa/glsa-201406-32.xml ([email protected])
http://www-01.ibm.com/support/docview.wss?uid=swg21672080 ([email protected])
http://www-01.ibm.com/support/docview.wss?uid=swg21676746 ([email protected])
http://www-01.ibm.com/support/docview.wss?uid=swg21679713 ([email protected])
http://www.debian.org/security/2014/dsa-2912 ([email protected])
http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html ([email protected])
http://www.securityfocus.com/bid/65568 ([email protected])
http://www.ubuntu.com/usn/USN-2187-1 ([email protected])
http://www.ubuntu.com/usn/USN-2191-1 ([email protected])
https://access.redhat.com/errata/RHSA-2014:0413 ([email protected])
https://access.redhat.com/errata/RHSA-2014:0414 ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=1060907 ([email protected])
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737562 (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=140852886808946&w=2 (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=140852886808946&w=2 (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=140852974709252&w=2 (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=140852974709252&w=2 (af854a3a-2127-422b-91ae-364da2661108)
http://osvdb.org/102808 (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2014-0675.html (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2014-0685.html (af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/oss-sec/2014/q1/242 (af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/oss-sec/2014/q1/285 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/58415 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/59058 (af854a3a-2127-422b-91ae-364da2661108)
http://security.gentoo.org/glsa/glsa-201406-32.xml (af854a3a-2127-422b-91ae-364da2661108)
http://www-01.ibm.com/support/docview.wss?uid=swg21672080 (af854a3a-2127-422b-91ae-364da2661108)
http://www-01.ibm.com/support/docview.wss?uid=swg21676746 (af854a3a-2127-422b-91ae-364da2661108)
http://www-01.ibm.com/support/docview.wss?uid=swg21679713 (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2014/dsa-2912 (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/65568 (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/USN-2187-1 (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/USN-2191-1 (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2014:0413 (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2014:0414 (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=1060907 (af854a3a-2127-422b-91ae-364da2661108)