CVE-2014-1876
Published: 10 February 2014
The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 does not securely create temporary files when a log file cannot be opened, which allows local users to overwrite arbitrary files via a symlink attack on /tmp/unpack.log.
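The defect class described above is a fixed, predictable file name in a shared directory opened with truncation. The following added example (written for this page, not OpenJDK's unpack.cpp or any distribution patch) contrasts that pattern with two hardened fallbacks: opening the same path with O_CREAT|O_EXCL|O_NOFOLLOW, which refuses a pre-existing link, and letting mkstemp() choose a unique name. The demo builds its own scratch directory with mkdtemp() under /tmp and plants a symlink named unpack.log pointing at a constructed "victim" file; the directory, file names and helper functions are all assumptions of the example.

```c
/* Added example, not OpenJDK code: fixed-path temp file vs. hardened fallbacks. */
#define _DEFAULT_SOURCE
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Vulnerable pattern: fopen("w") follows symlinks, so a link planted at the
 * predictable path redirects the truncate+write to whatever it points at. */
static FILE *open_log_fixed_path(const char *path) {
    return fopen(path, "w");
}

/* Hardened variant 1: keep the caller's path but refuse anything that already
 * exists (O_EXCL) or is a symlink (O_NOFOLLOW); owner-only permissions. */
static int open_log_excl(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, S_IRUSR | S_IWUSR);
}

/* Hardened variant 2: mkstemp() picks a unique name atomically (O_CREAT|O_EXCL),
 * so a pre-planted link is never consulted. `tmpl` must end in "XXXXXX". */
static int open_log_unique(char *tmpl) {
    return mkstemp(tmpl);
}

/* Constructed layout: private 0700 scratch dir, a victim file with content, and
 * a symlink "unpack.log" -> victim, mirroring the path named in the CVE text. */
static int setup_scratch(char *dir, size_t dlen, char *victim, size_t vlen,
                         char *lnk, size_t llen) {
    snprintf(dir, dlen, "/tmp/cve_2014_1876_demo_XXXXXX");
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, vlen, "%s/victim.txt", dir);
    snprintf(lnk, llen, "%s/unpack.log", dir);
    FILE *v = fopen(victim, "w");
    if (!v) return -1;
    fputs("important data\n", v);
    fclose(v);
    return symlink(victim, lnk);
}

static long file_size(const char *path) {
    struct stat st;
    return stat(path, &st) == 0 ? (long)st.st_size : -1;
}

static void teardown(const char *dir, const char *victim, const char *lnk) {
    unlink(lnk); unlink(victim); rmdir(dir);
}

/* 1 if the fixed-path open followed the link and truncated the victim (the CVE
 * behaviour), 0 if the victim was untouched, -1 on setup error. */
int fixed_path_follows_symlink(void) {
    char dir[64], victim[128], lnk[128];
    if (setup_scratch(dir, sizeof dir, victim, sizeof victim, lnk, sizeof lnk) < 0)
        return -1;
    FILE *f = open_log_fixed_path(lnk);
    if (f) fclose(f);
    int clobbered = file_size(victim) == 0;
    teardown(dir, victim, lnk);
    return clobbered;
}

/* 1 if O_EXCL|O_NOFOLLOW refused the planted link (EEXIST, or ELOOP on some
 * systems) and the victim kept its content. */
int excl_open_refuses_symlink(void) {
    char dir[64], victim[128], lnk[128];
    if (setup_scratch(dir, sizeof dir, victim, sizeof victim, lnk, sizeof lnk) < 0)
        return -1;
    int fd = open_log_excl(lnk);
    int refused = fd < 0 && (errno == EEXIST || errno == ELOOP);
    if (fd >= 0) close(fd);
    int intact = file_size(victim) > 0;
    teardown(dir, victim, lnk);
    return refused && intact;
}

/* 1 if mkstemp() produced a fresh regular file with no group/other permission
 * bits, under a name different from the planted link, leaving the victim intact. */
int unique_open_avoids_symlink(void) {
    char dir[64], victim[128], lnk[128], tmpl[160];
    if (setup_scratch(dir, sizeof dir, victim, sizeof victim, lnk, sizeof lnk) < 0)
        return -1;
    snprintf(tmpl, sizeof tmpl, "%s/unpack.log.XXXXXX", dir);
    int fd = open_log_unique(tmpl), ok = 0;
    if (fd >= 0) {
        struct stat st;
        ok = fstat(fd, &st) == 0 && S_ISREG(st.st_mode) && (st.st_mode & 077) == 0
             && strcmp(tmpl, lnk) != 0 && file_size(victim) > 0;
        close(fd);
        unlink(tmpl);
    }
    teardown(dir, victim, lnk);
    return ok;
}

int main(void) {
    printf("fixed path follows symlink: %d\n", fixed_path_follows_symlink());
    printf("O_EXCL|O_NOFOLLOW refuses:  %d\n", excl_open_refuses_symlink());
    printf("mkstemp avoids the link:    %d\n", unique_open_avoids_symlink());
    return 0;
}
```

Each probe returns 1 on a typical Linux system. Note that the scratch directory is created 0700 and is not sticky, so the kernel's protected_symlinks restriction (the "symlink restrictions in Ubuntu" mentioned in the status notes below) does not apply inside it; that restriction only covers sticky world-writable directories such as /tmp itself, which is why it is listed as a partial mitigation rather than a fix.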
Notes
| Author | Note |
|---|---|
| mdeslaur | in lucid+, NetX and the plugin moved to the icedtea-web package |
| jdstrand | sun-java6 is not redistributable, no longer in the archive and no longer tracked; sun-java5 is EOL upstream and no longer tracked |
Priority
Status
| Package | Release | Status |
|---|---|---|
| openjdk-6 (Launchpad, Ubuntu, Debian) | upstream | Needs triage |
| | lucid | Released (6b31-1.13.3-1ubuntu1~0.10.04.1) |
| | precise | Released (6b31-1.13.3-1ubuntu1~0.12.04.2) |
| | quantal | Released (6b31-1.13.3-1ubuntu1~0.12.10.1) |
| | saucy | Released (6b31-1.13.3-1ubuntu1~0.13.10.1) |
| | trusty | Does not exist (trusty was not-affected [6b31-1.13.3-1ubuntu1]) |
| | | This vulnerability is mitigated in part by the use of symlink restrictions in Ubuntu. |
| openjdk-7 (Launchpad, Ubuntu, Debian) | upstream | Needs triage |
| | lucid | Does not exist |
| | precise | Released (7u55-2.4.7-1ubuntu1~0.12.04.2) |
| | quantal | Released (7u55-2.4.7-1ubuntu1~0.12.10.1) |
| | saucy | Released (7u55-2.4.7-1ubuntu1~0.13.10.1) |
| | trusty | Does not exist (trusty was released [7u55-2.4.7-1ubuntu1]) |
| | | This vulnerability is mitigated in part by the use of symlink restrictions in Ubuntu. |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1876
- https://bugzilla.redhat.com/show_bug.cgi?id=1060907
- http://seclists.org/oss-sec/2014/q1/285
- http://seclists.org/oss-sec/2014/q1/242
- http://osvdb.org/102808
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737562
- https://ubuntu.com/security/notices/USN-2187-1
- https://ubuntu.com/security/notices/USN-2191-1
- NVD
- Launchpad
- Debian