Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-1839

Overview

Vulnerability Score 4.4 4.4
CVE Id CVE-2014-1839
Last Modified 12 Mar 2014 02:43:00
Published 11 Mar 2014 03:37:04
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2014-1839

Summary

The Execute class in shellutils in logilab-commons before 0.61.0 uses tempfile.mktemp, which allows local users to have an unspecified impact by pre-creating the temporary file.

Vulnerable Systems

Operating System

  • Novell Opensuse 12.3

  • Novell Opensuse 13.1

Application

  • Logilab-common 0.60.0


References

CONFIRM - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737051

CONFIRM - http://www.logilab.org/ticket/207562

SECUNIA - 57209

SUSE - openSUSE-SU-2014:0306

MLIST - [oss-security] 20140131 CVE request: temp file issues in python's logilab-common module


Last Updated: 27 May 2016 11:04:38