CVE-2014-4038

Name of the Vulnerable Software and Affected Versions ppc64-diag version 2.6.1 ppc64-diag-debugsource (affected versions not specified) ppc64-diag-debuginfo (affected versions not specified)

Description The issue concerns multiple vulnerabilities in the ppc64-diag package of openSUSE and SUSE Linux Enterprise operating systems. These vulnerabilities can be exploited locally, potentially leading to breaches of confidentiality, integrity, and availability of protected information. The exploitation can be related to specific files and scripts, such as rtas errd/diag support.c, scripts/ppc64 diag mkrsrc, and lpd/test/lpd ela test.sh, which can be manipulated through symlink attacks, allowing arbitrary file overwrites.

Recommendations For ppc64-diag version 2.6.1, consider updating to a newer version that addresses these vulnerabilities. For ppc64-diag-debugsource and ppc64-diag-debuginfo, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the vulnerable scripts and files, such as rtas errd/diag support.c, scripts/ppc64 diag mkrsrc, and lpd/test/lpd ela test.sh, to minimize the risk of exploitation.