Published: 23/04/2014 Updated: 30/10/2018

CVSS v2 Base Score: 1.9 | Impact Score: 2.9 | Exploitability Score: 3.4

VMScore: 169

Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N

The GetHTMLRunDir function in the scan-build utility in Clang 3.5 and previous versions allows local users to obtain sensitive information or overwrite arbitrary files via a symlink attack on temporary directories with predictable names.

Vulnerable Product	Search on Vulmon	Subscribe to Product
opensuse opensuse 13.1
llvm clang

Debian Bug report logs - #744817 clang-35: CVE-2014-2893: scan-build: insecure use of /tmp Package: clang-35; Maintainer for clang-35 is LLVM Packaging Team <pkg-llvm-team@listsaliothdebianorg>; Source for clang-35 is src:llvm-toolchain-35 (PTS, buildd, popcon) Reported by: Jakub Wilk <jwilk@debianorg> Date: ...

The GetHTMLRunDir function in the scan-build utility in Clang 35 and earlier allows local users to obtain sensitive information or overwrite arbitrary files via a symlink attack on temporary directories with predictable names ...

CWE-59 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744817 http://www.openwall.com/lists/oss-security/2014/04/20/1 http://www.openwall.com/lists/oss-security/2014/04/16/2 http://lists.opensuse.org/opensuse-updates/2015-02/msg00038.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744817 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2014-2893

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2014-2893

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect