Insecure Temporary File Handling in OpenJDK and Oracle Java
CVE-2014-1876

Currently unrated

Key Information:

  • Vendor: Oracle

  • CVE Published: 10 February 2014

What is CVE-2014-1876?

The unpacker::redirect_stdio function in the unpack200 utility of OpenJDK and Oracle Java products does not securely create temporary files. When a log file cannot be opened, the function lets local users carry out a symlink attack on /tmp/unpack.log, potentially leading to arbitrary file overwrites and compromising the integrity of the system. Users of affected versions should apply the recommended updates.
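The class of fix for this weakness, as an added example (not code from this page and not the OpenJDK patch): two ways to open a fallback log in a shared directory without following a pre-existing symlink, plus a self-check. The function names and the scratch paths under /tmp are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak pattern described in the CVE text: a fixed, predictable name in a
 * world-writable directory, opened so that an existing symlink is followed,
 * e.g. fopen("/tmp/unpack.log", "a"). */

/* Hardened option 1: create the log only if nothing exists at the path.
 * O_CREAT|O_EXCL fails with EEXIST even when the path is a symlink. */
int open_log_exclusive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600);
}

/* Hardened option 2: mkstemp() picks an unpredictable name and creates it
 * exclusively with mode 0600; tmpl must end in "XXXXXX". */
int open_log_unique(char *tmpl) {
    return mkstemp(tmpl);
}

/* Self-check on constructed data inside a private scratch directory:
 * returns 1 if a pre-existing symlink is refused and its target stays empty. */
int symlink_is_refused(void) {
    char dir[] = "/tmp/logdemo.XXXXXX", target[64], link_path[64];
    struct stat st;
    if (!mkdtemp(dir)) return 0;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(link_path, sizeof link_path, "%s/unpack.log", dir);
    int t = open(target, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (t < 0 || symlink(target, link_path) != 0) return 0;
    close(t);
    int fd = open_log_exclusive(link_path);
    int refused = (fd < 0 && (errno == EEXIST || errno == ELOOP));
    if (fd >= 0) close(fd);
    int untouched = (stat(target, &st) == 0 && st.st_size == 0);
    unlink(link_path); unlink(target); rmdir(dir);
    return refused && untouched;
}

int main(void) {
    char tmpl[] = "/tmp/unpack.XXXXXX";
    int fd = open_log_unique(tmpl);
    printf("symlink refused: %d, unique log: %s\n", symlink_is_refused(), tmpl);
    if (fd >= 0) { close(fd); unlink(tmpl); }
    return 0;
}
```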


Timeline

  • Vulnerability published

  • Vulnerability Reserved
