PT-2014-1233 · Oracle+6 · Jrockit+10
Jakub Wilk +1 · Published 2014-02-10 · Updated 2024-06-15 · CVE-2014-1876
CVSS v2.0: 4.4 (Medium)
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
OpenJDK versions 6 through 8
Oracle Java SE versions 5.0u61, 6u71, 7u51, and 8
JRockit versions R27.8.1 and R28.3.1
Java SE Embedded version 7u51
Description
The issue is in the unpacker::redirect_stdio function in unpack.cpp in unpack200, which does not securely create temporary files when a log file cannot be opened. This allows local users to overwrite arbitrary files via a symbolic link (symlink) attack on /tmp/unpack.log.
Recommendations
For OpenJDK versions 6 through 8, update to a version that securely creates temporary files.
For Oracle Java SE versions 5.0u61, 6u71, 7u51, and 8, update to a version that securely creates temporary files.
For JRockit versions R27.8.1 and R28.3.1, update to a version that securely creates temporary files.
For Java SE Embedded version 7u51, update to a version that securely creates temporary files.
As a temporary workaround, consider restricting access to the unpack200 module to minimize the risk of exploitation.
Exploit
Fix
DoS
Link Following
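The flaw class named in the description, shown as an added example that is neither unpack200's code nor the vendor's fix: opening a predictable log name with fopen() follows a planted symlink, while O_CREAT|O_EXCL or mkstemp() does not. All function names and the scratch-directory scenario are constructed for illustration.

```cpp
// Added illustration (hypothetical names, not unpack200 source).
#include <cstdio>
#include <cstdlib>
#include <string>
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>

// Weak pattern: fopen() follows a pre-planted symlink and truncates its target.
FILE* open_log_predictable(const std::string& path) {
    return fopen(path.c_str(), "w");
}

// Hardened: O_CREAT|O_EXCL fails (EEXIST) if any entry, symlink included, exists.
FILE* open_log_exclusive(const std::string& path) {
    int fd = open(path.c_str(), O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0) return nullptr;
    FILE* f = fdopen(fd, "w");
    if (!f) close(fd);
    return f;
}

// Preferred fallback: mkstemp() picks an unpredictable name and creates it
// atomically with mode 0600. `tmpl` must end in "XXXXXX"; it is updated in place.
FILE* open_log_mkstemp(std::string& tmpl) {
    int fd = mkstemp(&tmpl[0]);
    if (fd < 0) return nullptr;
    FILE* f = fdopen(fd, "w");
    if (!f) { close(fd); unlink(tmpl.c_str()); }
    return f;
}

// Constructed scenario in a private scratch directory: <dir>/unpack.log is a
// symlink to <dir>/victim. Returns victim's size after the chosen opener runs.
long victim_size_after(bool hardened) {
    char dir[] = "/tmp/symlink-demo-XXXXXX";
    if (!mkdtemp(dir)) return -1;
    std::string victim = std::string(dir) + "/victim";
    std::string log = std::string(dir) + "/unpack.log";
    FILE* v = fopen(victim.c_str(), "w");
    if (!v) return -1;
    fputs("important", v); fclose(v);
    if (symlink(victim.c_str(), log.c_str()) != 0) return -1;
    FILE* f = hardened ? open_log_exclusive(log) : open_log_predictable(log);
    if (f) fclose(f);
    struct stat st;
    long n = stat(victim.c_str(), &st) == 0 ? (long)st.st_size : -1;
    unlink(log.c_str()); unlink(victim.c_str()); rmdir(dir);
    return n;
}
```

With the predictable opener the 9-byte victim file ends up empty; with the exclusive opener the open is refused and the file is left intact.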
Weakness Enumeration
Related identifiers
Affected products
CentOS
HP-UX
IBM AIX
JRockit
Java Platform
Java SE
Java SE Embedded
OpenJDK
Red Hat
SUSE
Ubuntu