CVE-2014-4038: Race Condition
First published: Fri Jun 13 2014(Updated: )
As noted in the SUSE bug report [1], numerous /tmp race conditions exist in ppc64-diag, in particular: rtas_errd/diag_support.c:233: char command[]="/usr/bin/find /proc/device-tree -name status -print > /tmp/get_dt_files"; rtas_errd/diag_support.c:241: fp1 = fopen("/tmp/get_dt_files", "r"); rtas_errd/prrn_hotplug:8:TMPFILE=`mktemp -p /tmp` scripts/ppc64_diag_mkrsrc:126:mkdir "/tmp/diagSEsnap", 0775; scripts/ppc64_diag_mkrsrc:127:$general_eed_file = "/tmp/diagSEsnap/snapH.tar.gz"; In the case of rtas_errd/prrn_hotplug, mktemp is used but is assumed to have succeeded; there is no check for the return value. mktemp should probably be used properly in all of these. I don't know if the data in /tmp/diagSEsnap is sensitive or not, but if it is, the permissions on that directory should probably be tightened up. No CVE(s) have been assigned to these issues as of yet. [1] <a href="https://bugzilla.novell.com/show_bug.cgi?id=882667">https://bugzilla.novell.com/show_bug.cgi?id=882667</a>
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SUSE Linux Enterprise Server | =11-sp3 | |
| Ppc64-diag Project | =2.6.1 | |
| Red Hat Enterprise Linux Server | =6.0 | |
| Red Hat Enterprise Linux Server | =7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.novell.com/show_bug.cgi?id=882667
- https://access.redhat.com/security/cve/CVE-2014-4038
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4038
- http://openwall.com/lists/oss-security/2014/06/17/1
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1109371
- https://access.redhat.com/security/cve/CVE-2014-4039
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4039
- https://rhn.redhat.com/errata/RHSA-2015-0383.html
- https://rhn.redhat.com/errata/RHSA-2015-1320.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1109371
- http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00018.html
- http://rhn.redhat.com/errata/RHSA-2015-0383.html
- http://rhn.redhat.com/errata/RHSA-2015-1320.html
- http://secunia.com/advisories/60616
- http://www.securityfocus.com/bid/68049
Frequently Asked Questions
What is the severity of CVE-2014-4038?
CVE-2014-4038 has a medium severity rating due to its potential for local privilege escalation.
How do I fix CVE-2014-4038?
To mitigate CVE-2014-4038, update affected software to the latest versions that patch the race condition vulnerabilities.
What systems are affected by CVE-2014-4038?
CVE-2014-4038 affects specific versions of SUSE Linux Enterprise Server and Red Hat Enterprise Linux.
What kind of vulnerability is CVE-2014-4038?
CVE-2014-4038 is a local privilege escalation vulnerability caused by race conditions in the ppc64-diag software.
Is CVE-2014-4038 exploit related to file permissions?
Yes, the exploit associated with CVE-2014-4038 typically involves manipulating temporary file permissions.
- collector/redhat-bugzilla
- alias/CVE-2014-4038
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/suse
- canonical/suse linux enterprise server
- version/suse linux enterprise server/11-sp3
- vendor/ppc64-diag project
- canonical/ppc64-diag project
- version/ppc64-diag project/2.6.1
- vendor/redhat
- canonical/red hat enterprise linux server
- version/red hat enterprise linux server/6.0
- version/red hat enterprise linux server/7.0