| Revision Date: | 2014-06-17 | Version: | 1 | | Title: | CVE-2014-4038 on Ubuntu 16.04 LTS (xenial) - medium. | | Description: | ppc64-diag 2.6.1 allows local users to overwrite arbitrary files via a symlink attack related to (1) rtas_errd/diag_support.c and /tmp/get_dt_files, (2) scripts/ppc64_diag_mkrsrc and /tmp/diagSEsnap/snapH.tar.gz, or (3) lpd/test/lpd_ela_test.sh and /var/tmp/ras. sbeattie> for (1) rtas_errd/diag_support.c fully fixed in 2.7.0, trusty does not have the second commit below, which should cause the mkstemp() call to fail; so is still not vulnerable. sbeattie> for (2) snap binary is not shipped in powerpc-utils on yakkety and newer, so scripts/ppc64_diag_mkrsrc won't write anything out. It does not exist in trusty and earlier releases' powerpc-utils, either. For xenial, the snap script will abort as it's not supported on Ubuntu. So no possibility of writing the tar file out in any release; therefore not affected for this part. sbeattie> (3) is unfixed upstream. but is only in a test script that is not included in the package, so is not affected. Yakkety has patches applied by debian for this.
| | Family: | unix | Class: | vulnerability | | Status: | | Reference(s): | CVE-2014-4038
| | Platform(s): | Ubuntu 16.04 LTS
| Product(s): | | | Definition Synopsis | | Ubuntu 16.04 LTS (xenial) is installed. AND NOT ppc64-diag package in xenial, while related to the CVE in some way, is not affected (note: ' 2.7.0-0ubuntu1').
|
|