CVE-2013-2035

Published: 28/08/2013 Updated: 18/01/2015
CVSS v2 Base Score: 4.4 | Impact Score: 6.4 | Exploitability Score: 3.4
VMScore: 392
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Race condition in hawtjni-runtime/src/main/java/org/fusesource/hawtjni/runtime/Library.java in HawtJNI prior to 1.8, when a custom library path is not specified, allows local users to execute arbitrary Java code by overwriting a temporary JAR file with a predictable name in /tmp.

Vulnerable Product

redhat hawtjni

redhat hawtjni 1.6

redhat hawtjni 1.3

redhat hawtjni 1.2

redhat hawtjni 1.5

redhat hawtjni 1.4

redhat hawtjni 1.1

redhat hawtjni 1.0

Vendor Advisories

Debian Bug report logs - #708293 libhawtjni-runtime-java: /tmp race condition with arbitrary code execution (CVE-2013-2035) Package: libhawtjni-runtime-java; Maintainer for libhawtjni-runtime-java is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Source for libhawtjni-runtime-java is src:hawtjni (PTS, buildd ...
Synopsis Low: Red Hat JBoss Enterprise Application Platform 6.2.0 update Type/Severity Security Advisory: Low Topic Updated Red Hat JBoss Enterprise Application Platform 6.2.0 packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5. The ...
Synopsis Low: Red Hat JBoss Enterprise Application Platform 6.2.0 update Type/Severity Security Advisory: Low Topic Updated Red Hat JBoss Enterprise Application Platform 6.2.0 packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The ...
The HawtJNI Library class wrote native libraries to a predictable file name in /tmp when the native libraries were bundled in a JAR file, and no custom library path was specified. A local attacker could overwrite these native libraries with malicious versions during the window between when HawtJNI writes them and when they are executed ...

Github Repositories

Enforced Super POM for build stable artifacts

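Super-POM: the Super POM project. Used to define constraints on a project so that it can be built stably and securely for production. Background: use Maven Enforcer Plugin to improve build stability. Constraint rules built on Maven Enforcer Plugin. Ban conflicting dependencies. Constrain multi-module projects. Other classic conventions: encoding, runtime version, etc. Dependency management best practices (optional). Duplicate class detection. Ban circular depend ...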