CVE-2013-2035
Publication date 28 August 2013
Last updated 24 July 2024
Ubuntu priority
Race condition in hawtjni-runtime/src/main/java/org/fusesource/hawtjni/runtime/Library.java in HawtJNI before 1.8, when a custom library path is not specified, allows local users to execute arbitrary Java code by overwriting a temporary JAR file with a predictable name in /tmp.
From the Ubuntu Security Team
It was discovered that HawtJNI wrote files with predictable names to /tmp. A local attacker could exploit a race condition by overwriting the predictably named temporary files, resulting in arbitrary code execution.
Status
Package | Ubuntu Release | Status |
---|---|---|
hawtjni | ||
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty |
Fixed 1.0~+git0c502e20c4-3+deb7u1build0.14.04.1
|
|