CVE-2014-2524
20.08.2014, 14:55
The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file.
| Vendor | Product | Version |
|---|---|---|
| mageia | mageia | 3.0 |
| mageia | mageia | 4.0 |
| gnu | readline | 𝑥 ≤ 6.3 |
| gnu | readline | 2.1 |
| gnu | readline | 2.2 |
| gnu | readline | 4.0 |
| gnu | readline | 4.1 |
| gnu | readline | 4.2 |
| gnu | readline | 4.2:a |
| gnu | readline | 4.3 |
| gnu | readline | 5.0 |
| gnu | readline | 5.1 |
| gnu | readline | 5.2 |
| gnu | readline | 6.0 |
| gnu | readline | 6.1 |
| gnu | readline | 6.2 |
| opensuse | opensuse | 12.3 |
| opensuse | opensuse | 13.1 |
𝑥
= Vulnerable software versions
Ubuntu Releases
References