CVE-2014-3981

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 08-06-2014 08:55

Last modified: - 19-01-2023 05:30

Total changes: - 2

Description

acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file.

Common Vulnerability Scoring System (CVSS)

AV:L/AC:M/Au:N/C:N/I:P/A:P

Low

Attack complexity

Local

Attack vector

Low

Availability

None

Confidentiality

Low

Integrity

Privileges required

Scope

User interaction

3.3

Base score

3.4

4.9

Exploitability score

Impact score

Verification logic

Reference

http://git.php.net/?p=php-src.git;a=commit;h=91bcadd85e20e50d3f8c2e9721327681640e6f16
https://bugzilla.redhat.com/show_bug.cgi?id=1104978
20140604 More /tmp fun (PHP, Lynis)-Mailing List, Third Party Advisory
[oss-security] 20140606 Re: CVE request: PHP configure script and Lynis tool /tmp/ issues reported on full disclosure-Mailing List, Third Party Advisory
https://bugs.php.net/bug.php?id=67390
http://support.apple.com/kb/HT6443
HPSBUX03150-Mailing List, Third Party Advisory
https://support.apple.com/HT204659
APPLE-SA-2015-04-08-2-Mailing List
SSRT101681-Mailing List, Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://www-01.ibm.com/support/docview.wss?uid=swg21683486

Keywords

CVE-2014-3981

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2014-3981

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures