| Revision Date: | 2015-03-23 | Version: | 7 | | Title: | The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1 does not securely create temporary files when a log file cannot be opened, which allows local users to overwrite arbitrary files via a symlink attack on /tmp/unpack.log | | Description: | The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 does not securely create temporary files when a log file cannot be opened, which allows local users to overwrite arbitrary files via a symlink attack on /tmp/unpack.log. | | Family: | windows | Class: | vulnerability | | Status: | ACCEPTED | Reference(s): | CVE-2014-1876
| | Platform(s): | Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Vista
Microsoft Windows XP
| Product(s): | Java Runtime Environment
JRockit
| | Definition Synopsis | | Determine if the version of JRockit is less than R28.3.1 and is greater than or equal to R28.0.0 Determine if the version of JRockit equals R28.3.1
AND JRockit R28 is installed
OR Determine if the version of JRockit is less than R27.8.1 and is greater than or equal to R27.0.0
Determine if the version of JRockit equals R27.8.1
AND JRockit R27 is installed
OR Determine if the version of Java Runtime Environment is less than 1.5.0:update_51 and is greater than or equal to 1.5.0
Determine if the version of Java Runtime Environment equals 1.5.0:update_51
AND Java SE Runtime Environment 5 is installed
OR Determine if the version of Java Runtime Environment is less than 1.6.0:update_71 and is greater than or equal to 1.6.0
Determine if the version of Java Runtime Environment equals 1.6.0:update_71
AND Java SE Runtime Environment 6 is installed
OR Determine if the version of Java Runtime Environment is less than 1.7.0:update_51 and is greater than or equal to 1.7.0
Determine if the version of Java Runtime Environment equals 1.7.0:update_51
AND Java SE Runtime Environment 7 is installed
OR Determine if the version of Java Runtime Environment equals 1.8.0
Determine if the version of Java Runtime Environment equals 1.8.0
AND Java SE Runtime Environment 8 is installed
|
|