Vulnerabilities > Ppc64 Diag Project

DATE	CVE	VULNERABILITY TITLE	RISK
2014-06-17	CVE-2014-4039	Permissions, Privileges, and Access Controls vulnerability in multiple products ppc64-diag 2.6.1 uses 0775 permissions for /tmp/diagSEsnap and does not properly restrict permissions for /tmp/diagSEsnap/snapH.tar.gz, which allows local users to obtain sensitive information by reading files in this archive, as demonstrated by /var/log/messages and /etc/yaboot.conf. local low complexity redhat ppc64-diag-project suse CWE-264	2.1
2014-06-17	CVE-2014-4038	Link Following vulnerability in multiple products ppc64-diag 2.6.1 allows local users to overwrite arbitrary files via a symlink attack related to (1) rtas_errd/diag_support.c and /tmp/get_dt_files, (2) scripts/ppc64_diag_mkrsrc and /tmp/diagSEsnap/snapH.tar.gz, or (3) lpd/test/lpd_ela_test.sh and /var/tmp/ras. local suse ppc64-diag-project redhat CWE-59	4.4

Vulnerabilities > Ppc64 Diag Project {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Ppc64 Diag Project"}]}