CVE - CVE-2014-1876

CVE-ID
CVE-2014-1876	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 does not securely create temporary files when a log file cannot be opened, which allows local users to overwrite arbitrary files via a symlink attack on /tmp/unpack.log.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:65568 URL:http://www.securityfocus.com/bid/65568 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21672080 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21676746 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21679713 CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html DEBIAN:DSA-2912 URL:http://www.debian.org/security/2014/dsa-2912 GENTOO:GLSA-201406-32 URL:http://security.gentoo.org/glsa/glsa-201406-32.xml HP:HPSBUX03091 URL:http://marc.info/?l=bugtraq&m=140852886808946&w=2 HP:HPSBUX03092 URL:http://marc.info/?l=bugtraq&m=140852974709252&w=2 HP:SSRT101667 URL:http://marc.info/?l=bugtraq&m=140852886808946&w=2 HP:SSRT101668 URL:http://marc.info/?l=bugtraq&m=140852974709252&w=2 MISC:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737562 MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1060907 MLIST:[oss-security] 20140203 CVE request and heads-up on insecure temp file handling in unpack200 (OpenJDK, Oracle Java) URL:http://seclists.org/oss-sec/2014/q1/242 MLIST:[oss-security] 20140207 Re: CVE request and heads-up on insecure temp file handling in unpack200 (OpenJDK, Oracle Java) URL:http://seclists.org/oss-sec/2014/q1/285 OSVDB:102808 URL:~~http://osvdb.org/102808~~ (Obsolete source) REDHAT:RHSA-2014:0413 URL:https://access.redhat.com/errata/RHSA-2014:0413 REDHAT:RHSA-2014:0414 URL:https://access.redhat.com/errata/RHSA-2014:0414 REDHAT:RHSA-2014:0675 URL:http://rhn.redhat.com/errata/RHSA-2014-0675.html REDHAT:RHSA-2014:0685 URL:http://rhn.redhat.com/errata/RHSA-2014-0685.html SECUNIA:58415 URL:http://secunia.com/advisories/58415 SECUNIA:59058 URL:http://secunia.com/advisories/59058 UBUNTU:USN-2187-1 URL:http://www.ubuntu.com/usn/USN-2187-1 UBUNTU:USN-2191-1 URL:http://www.ubuntu.com/usn/USN-2191-1
Assigning CNA
MITRE Corporation
Date Record Created
20140206	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20140206)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)