Vulnerability Details : CVE-2014-1876
The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 does not securely create temporary files when a log file cannot be opened, which allows local users to overwrite arbitrary files via a symlink attack on /tmp/unpack.log.
Products affected by CVE-2014-1876
- cpe:2.3:a:oracle:openjdk:1.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:openjdk:1.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:openjdk:1.7.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-1876
0.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 12 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-1876
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.4
|
MEDIUM | AV:L/AC:M/Au:N/C:P/I:P/A:P |
3.4
|
6.4
|
NIST |
CWE ids for CVE-2014-1876
-
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-1876
-
http://www.securityfocus.com/bid/65568
Multiple Oracle Java Products 'unpack.cpp' Insecure Temporary File Creation Vulnerability
-
http://www-01.ibm.com/support/docview.wss?uid=swg21672080
IBM Security Bulletin: InfoSphere Streams is possibly affected by vulnerabilities in the IBM® SDK, Java™ Technology Edition (CVE-2014-0453 and CVE-2014-0460)
-
http://marc.info/?l=bugtraq&m=140852886808946&w=2
'[security bulletin] HPSBUX03091 SSRT101667 rev.1 - HP-UX running Java7, Remote Unauthorized Access, ' - MARC
-
https://access.redhat.com/errata/RHSA-2014:0414
RHSA-2014:0414 - Security Advisory - Red Hat Customer Portal
-
http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
Oracle Critical Patch Update - April 2014
-
http://seclists.org/oss-sec/2014/q1/285
oss-sec: Re: CVE request and heads-up on insecure temp file handling in unpack200 (OpenJDK, Oracle Java)
-
http://www.ubuntu.com/usn/USN-2187-1
USN-2187-1: OpenJDK 7 vulnerabilities | Ubuntu security notices
-
http://osvdb.org/102808
-
http://www.debian.org/security/2014/dsa-2912
Debian -- Security Information -- DSA-2912-1 openjdk-6
-
http://secunia.com/advisories/59058
Sign in
-
http://www-01.ibm.com/support/docview.wss?uid=swg21679713
IBM SmartCloud Provisioning 2.1 Fix Pack 5 (SCP - 2.1.0.5)
-
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737562
#737562 - unpack200: CVE-2014-1876: insecure use of /tmp - Debian Bug report logs
-
http://seclists.org/oss-sec/2014/q1/242
oss-sec: CVE request and heads-up on insecure temp file handling in unpack200 (OpenJDK, Oracle Java)
-
http://secunia.com/advisories/58415
Sign in
-
http://marc.info/?l=bugtraq&m=140852974709252&w=2
'[security bulletin] HPSBUX03092 SSRT101668 rev.1 - HP-UX running Java6, Remote Unauthorized Access, ' - MARC
-
http://rhn.redhat.com/errata/RHSA-2014-0675.html
RHSA-2014:0675 - Security Advisory - Red Hat Customer Portal
-
http://www.ubuntu.com/usn/USN-2191-1
USN-2191-1: OpenJDK 6 vulnerabilities | Ubuntu security notices
-
https://access.redhat.com/errata/RHSA-2014:0413
RHSA-2014:0413 - Security Advisory - Red Hat Customer Portal
-
http://www-01.ibm.com/support/docview.wss?uid=swg21676746
IBM Security Bulletin: IBM Lotus Expeditor fixes for multiple vulnerabilities in IBM JRE
-
https://bugzilla.redhat.com/show_bug.cgi?id=1060907
1060907 – (CVE-2014-1876) CVE-2014-1876 OpenJDK: insecure temporary file use in unpack200 (Libraries, 8033618)
-
http://rhn.redhat.com/errata/RHSA-2014-0685.html
RHSA-2014:0685 - Security Advisory - Red Hat Customer Portal
-
http://security.gentoo.org/glsa/glsa-201406-32.xml
IcedTea JDK: Multiple vulnerabilities (GLSA 201406-32) — Gentoo security
Jump to