First published: Tue Jun 17 2014(Updated: )
ppc64-diag 2.6.1 uses 0775 permissions for /tmp/diagSEsnap and does not properly restrict permissions for /tmp/diagSEsnap/snapH.tar.gz, which allows local users to obtain sensitive information by reading files in this archive, as demonstrated by /var/log/messages and /etc/yaboot.conf.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Redhat Enterprise Linux Server | =6.0 | |
Redhat Enterprise Linux Server | =7.0 | |
Ppc64-diag Project Ppc64-diag | =2.6.1 | |
SUSE Linux Enterprise Server | =11-sp3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.