Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2014-2524


The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file.


Published

2014-08-20T14:55:05.860

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 3.3 (LOW)

CVSSv2 Vector

AV:L/AC:M/Au:N/C:N/I:P/A:P

  • Access Vector: LOCAL
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

3.4

Impact Score

4.9

Weaknesses
  • Type: Primary
    CWE-59

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System mageia mageia 3.0 Yes
Operating System mageia mageia 4.0 Yes
Application gnu readline ≤ 6.3 Yes
Application gnu readline 2.1 Yes
Application gnu readline 2.2 Yes
Application gnu readline 4.0 Yes
Application gnu readline 4.1 Yes
Application gnu readline 4.2 Yes
Application gnu readline 4.2 Yes
Application gnu readline 4.3 Yes
Application gnu readline 5.0 Yes
Application gnu readline 5.1 Yes
Application gnu readline 5.2 Yes
Application gnu readline 6.0 Yes
Application gnu readline 6.1 Yes
Application gnu readline 6.2 Yes
Operating System opensuse opensuse 12.3 Yes
Operating System opensuse opensuse 13.1 Yes
Operating System fedoraproject fedora 20 Yes

References