Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.4
CVE Id CVE-2014-1838
Last Modified 12 Mar 2014 02:38:15
Published 11 Mar 2014 03:37:04
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2014-1838

Summary

The (1) extract_keys_from_pdf and (2) fill_pdf functions in pdf_ext.py in logilab-common before 0.61.0 allow local users to overwrite arbitrary files and possibly have other unspecified impact via a symlink attack on /tmp/toto.fdf.

Vulnerable Systems

Operating System

  • Novell Opensuse 12.3

  • Novell Opensuse 13.1

Application

  • Logilab-common 0.60.0


References

CONFIRM - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737051

CONFIRM - http://www.logilab.org/ticket/207561

SECUNIA - 57209

SUSE - openSUSE-SU-2014:0306

MLIST - [oss-security] 20140131 CVE request: temp file issues in python's logilab-common module


Last Updated: 27 May 2016 11:04:38