Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
3.3
CVSSv2

CVE-2014-1640

Published: 28/01/2014 Updated: 29/08/2017
CVSS v2 Base Score: 3.3 | Impact Score: 4.9 | Exploitability Score: 3.4
VMScore: 294
Vector: AV:L/AC:M/Au:N/C:N/I:P/A:P

Vulnerability Summary

axiom-test.sh in axiom 20100701-1.1 uses tempfile to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwrite arbitrary files via a symlink attack on the new filename.

Vulnerable Product Search on Vulmon Subscribe to Product

debian axiom 20100701-1.1

Vendor Advisories

Debian CVElist Bug Report Logs: axiom: CVE-2014-1640: tmp file vulnerability
Debian Bug report logs - #736358 axiom: CVE-2014-1640: tmp file vulnerability Package: axiom; Maintainer for axiom is Camm Maguire <camm@debianorg>; Source for axiom is src:axiom (PTS, buildd, popcon) Reported by: Helmut Grohne <helmut@subdivide> Date: Wed, 22 Jan 2014 18:15:07 UTC Severity: important Tags: securi ...

References

CWE-59http://www.osvdb.org/102383http://www.openwall.com/lists/oss-security/2014/01/22/4http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736358http://www.openwall.com/lists/oss-security/2014/01/22/3https://exchange.xforce.ibmcloud.com/vulnerabilities/90663https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736358https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5274CVE-2024-35388CVE-2024-35396elevation of privilegeCVE-2021-47544file uploadCVE-2021-47545memory leakCVE-2024-4956
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook