cbcvebase.
CVE-2014-4039
published 2014-06-17

CVE-2014-4039: ppc64-diag 2.6.1 uses 0775 permissions for /tmp/diagSEsnap and does not properly restrict permissions for /tmp/diagSEsnap/snapH.tar.gz, which allows local…

low2.1CVSS 3.1
AVLACLAuNCPINAN
ppc64-diag 2.6.1 uses 0775 permissions for /tmp/diagSEsnap and does not properly restrict permissions for /tmp/diagSEsnap/snapH.tar.gz, which allows local users to obtain sensitive information by reading files in this archive, as demonstrated by /var/log/messages and /etc/yaboot.conf.

Affected

7 ranges
VendorProductVersion rangeFixed in
debianppc64-diag< ppc64-diag 2.7.1-5 (bookworm)ppc64-diag 2.7.1-5 (bookworm)
ppc64-diag_projectppc64-diag
ppc64-diag_projectppc64-diag>= 0 < 2.7.1-52.7.1-5
ppc64-diag_projectppc64-diag>= 0 < 2.7.1-52.7.1-5
redhatenterprise_linux_server
redhatenterprise_linux_server
suselinux_enterprise_server

CVSS provenance

nvd2.1LOWAV:L/AC:L/Au:N/C:P/I:N/A:N
osv2.1LOW