Vulnerabilities > CVE-2014-2387 - Exposure of Resource to Wrong Sphere vulnerability in multiple products
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Pen 0.18.0 has Insecure Temporary File Creation vulnerabilities
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 | |
| OS | 1 | |
| OS | 3 |
Common Weakness Enumeration (CWE)
Seebug
| bulletinFamily | exploit |
| description | Bugtraq ID:66214 CVE ID:CVE-2014-2387 Pen是一个简单的负载平衡器,支持基础协议的TCP如HTTP或SMTP 。 Pen "/tmp/webfile.html"和"/tmp/penctl.cgi"脚本不安全创建临时文件,允许本地攻击者利用漏洞进行符号链接攻击,可破坏系统文件等。 0 Pen 目前没有详细解决方案提供: http://siag.nu/pen/ |
| id | SSV:61814 |
| last seen | 2017-11-19 |
| modified | 2014-03-17 |
| published | 2014-03-17 |
| reporter | Root |
| title | Pen 'penctl.cgi'多个不安全临时文件创建漏洞 |
References
- http://www.openwall.com/lists/oss-security/2014/03/13/5
- http://www.openwall.com/lists/oss-security/2014/03/14/2
- http://www.securityfocus.com/bid/66214
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-2387
- https://bugzilla.suse.com/show_bug.cgi?id=CVE-2014-2387
- https://exchange.xforce.ibmcloud.com/vulnerabilities/91992
- https://security-tracker.debian.org/tracker/CVE-2014-2387