CVE-2014-3981

low

Description

acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file.

References

http://git.php.net/?p=php-src.git;a=commit;h=91bcadd85e20e50d3f8c2e9721327681640e6f16

http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html

http://marc.info/?l=bugtraq&m=141017844705317&w=2

http://marc.info/?l=bugtraq&m=141390017113542&w=2

http://openwall.com/lists/oss-security/2014/06/06/12

http://seclists.org/fulldisclosure/2014/Jun/21

http://support.apple.com/kb/HT6443

http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

http://www-01.ibm.com/support/docview.wss?uid=swg21683486

https://bugs.php.net/bug.php?id=67390

https://bugzilla.redhat.com/show_bug.cgi?id=1104978

https://support.apple.com/HT204659

Details

Source: MITRE

Published: 2014-06-08

Updated: 2017-01-07

Type: CWE-59

Risk Information

CVSS v2

Base Score: 3.3

Vector: AV:L/AC:M/Au:N/C:N/I:P/A:P

Impact Score: 4.9

Exploitability Score: 3.4

Severity: LOW

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 700510 | Mac OS X 10.10.x < 10.10.3 Multiple Vulnerabilities | Nessus Network Monitor | Operating System Detection | critical |
| 82700 | Mac OS X Multiple Vulnerabilities (Security Update 2015-004) (FREAK) | Nessus | MacOS X Local Security Checks | critical |
| 82699 | Mac OS X 10.10.x < 10.10.3 Multiple Vulnerabilities (FREAK) | Nessus | MacOS X Local Security Checks | critical |
| 78556 | PHP 5.6.0 Multiple Vulnerabilities | Nessus | CGI abuses | high |
| 78336 | Amazon Linux AMI : php (ALAS-2014-393) | Nessus | Amazon Linux Local Security Checks | high |
| 78315 | Amazon Linux AMI : php55 (ALAS-2014-372) | Nessus | Amazon Linux Local Security Checks | high |
| 78310 | Amazon Linux AMI : php54 (ALAS-2014-367) | Nessus | Amazon Linux Local Security Checks | high |
| 8394 | Mac OS X < 10.9.5 Multiple Vulnerabilities (Security Update 2014-004) | Nessus Network Monitor | Web Clients | critical |
| 77748 | Mac OS X 10.9.x < 10.9.5 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | critical |
| 77455 | GLSA-201408-11 : PHP: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 77285 | PHP 5.3.x < 5.3.29 Multiple Vulnerabilities | Nessus | CGI abuses | high |
| 77241 | FreeBSD : PHP multiple vulnerabilities (d2a892b9-2605-11e4-9da0-00a0986f28c4) | Nessus | FreeBSD Local Security Checks | high |
| 76476 | Slackware 14.0 / 14.1 / current : php (SSA:2014-192-01) | Nessus | Slackware Local Security Checks | high |
| 8320 | PHP 5.4.x < 5.4.30 / 5.5.x < 5.5.14 Multiple Vulnerabilities | Nessus Network Monitor | Web Servers | critical |
| 76282 | PHP 5.5.x < 5.5.14 Multiple Vulnerabilities | Nessus | CGI abuses | high |
| 76281 | PHP 5.4.x < 5.4.30 Multiple Vulnerabilities | Nessus | CGI abuses | high |