CVE-2014-1875

Published: 06/10/2014 Updated: 29/08/2017
CVSS v2 Base Score: 3.6 | Impact Score: 4.9 | Exploitability Score: 3.9
VMScore: 320
Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P

Vulnerability Summary

The Capture::Tiny module prior to 0.24 for Perl allows local users to write to arbitrary files via a symlink attack on a temporary file.

Vulnerable Product

cspan capture-tiny 0.22

cspan capture-tiny 0.21

cspan capture-tiny 0.20

cspan capture-tiny

Vendor Advisories

Debian Bug report logs - #737835 libcapture-tiny-perl: CVE-2014-1875: insecure use of /tmp
Package: libcapture-tiny-perl; Maintainer for libcapture-tiny-perl is Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>; Source for libcapture-tiny-perl is src:libcapture-tiny-perl; Reported by: Jaku ...
It was found [1] that the Capture::Tiny module, provided by the perl-Capture-Tiny package, used the File::Temp::tmpnam module to generate temporary files:

    ./lib/Capture/Tiny.pm: $stash->{flag_files}{$which} = scalar tmpnam();

This module makes use of the mktemp() function when called in the scalar context, which creates significantly more predi ...
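The difference between choosing a name and opening it later, as the advisory describes for `scalar tmpnam()`, and creating the file atomically, shown as an added Perl example (not Capture::Tiny's code or its actual fix). The sub names, file names and scratch directory are constructed for illustration, and a POSIX system with symlink support is assumed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Temp qw(tempdir tempfile);

# Unsafe pattern: the name already exists as a string and is opened later
# with a plain ">" open, which follows any symlink present at that path.
sub write_flag_unsafe {
    my ($path) = @_;
    open(my $fh, '>', $path) or return 0;
    print {$fh} "flag\n";
    return close $fh;
}

# Hardened: O_CREAT|O_EXCL fails if anything, including a symlink,
# already exists at the path, so a pre-planted link is never followed.
sub write_flag_excl {
    my ($path) = @_;
    sysopen(my $fh, $path, O_WRONLY | O_CREAT | O_EXCL, 0600) or return 0;
    print {$fh} "flag\n";
    return close $fh;
}

sub slurp {
    my ($path) = @_;
    open(my $fh, '<', $path) or die "$path: $!";
    local $/;
    return scalar <$fh>;
}

# Constructed scenario in a private scratch directory (nothing touches /tmp).
my $dir    = tempdir(CLEANUP => 1);
my $victim = "$dir/victim.txt";        # stands in for a file the user can write
my $guess  = "$dir/predictable_name";  # stands in for a guessable temp name
open(my $v, '>', $victim) or die "setup: $!";
print {$v} "important\n";
close $v;
symlink($victim, $guess) or die "symlink: $!";  # link exists before the write

write_flag_unsafe($guess);
print "plain open wrote through the link; victim holds: ", slurp($victim);

my $ok  = write_flag_excl($guess);
my $err = $ok ? '' : "$!";
print "O_EXCL open: ", ($ok ? "created\n" : "refused ($err)\n");

# File::Temp::tempfile() picks a random name and opens it with O_EXCL in
# one step, returning the handle, so the name is never reused by path.
my ($fh, $name) = tempfile('flagXXXXXXXX', DIR => $dir, UNLINK => 1);
print "tempfile created: $name\n";
```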