PT-2014-1233 · Oracle+6 · Jrockit+10
Jakub Wilk
+1
·
Published
2014-02-10
·
Updated
2024-06-15
·
CVE-2014-1876
CVSS v2.0
4.4
Medium
| Vector | AV:L/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
OpenJDK versions 6 through 8
Oracle Java SE versions 5.0u61, 6u71, 7u51, and 8
JRockit versions R27.8.1 and R28.3.1
Java SE Embedded version 7u51
Description
The issue is related to the
unpacker::redirect stdio function in unpack.cpp in unpack200, which does not securely create temporary files when a log file cannot be opened. This allows local users to overwrite arbitrary files via a symlink attack on /tmp/unpack.log. The vulnerability can be exploited by local users to replace arbitrary files using a symbolic link attack.Recommendations
For OpenJDK versions 6 through 8, update to a version that securely creates temporary files.
For Oracle Java SE versions 5.0u61, 6u71, 7u51, and 8, update to a version that securely creates temporary files.
For JRockit versions R27.8.1 and R28.3.1, update to a version that securely creates temporary files.
For Java SE Embedded version 7u51, update to a version that securely creates temporary files.
As a temporary workaround, consider restricting access to the
unpack200 module to minimize the risk of exploitation.Exploit
Fix
DoS
Link Following
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Centos
Hp-Ux
Ibm Aix
Jrockit
Java Platform
Java Se
Java Se Embedded
Openjdk
Red Hat
Suse
Ubuntu