Description
The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file.
References (9)
Core References
Broken Link; vendor-advisory; x_refsource_mandriva: http://www.mandriva.com/security/advisories?name=MDVSA-2014:154
Third Party Advisory; vendor-advisory; x_refsource_suse: http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00037.html
Issue Tracking; x_refsource_misc: https://bugzilla.redhat.com/show_bug.cgi?id=1077023
Third Party Advisory; vendor-advisory; x_refsource_fedora: https://lists.fedoraproject.org/pipermail/package-announce/2014-July/135686.html
Mailing List, Third Party Advisory; mailing-list; x_refsource_mlist: http://seclists.org/oss-sec/2014/q1/587
Broken Link; vendor-advisory; x_refsource_mandriva: http://www.mandriva.com/security/advisories?name=MDVSA-2015:132
Third Party Advisory; x_refsource_confirm: http://advisories.mageia.org/MGASA-2014-0319.html
Patch, Vendor Advisory; mailing-list; x_refsource_mlist: http://lists.gnu.org/archive/html/bug-readline/2014-03/msg00057.html
Mailing List, Third Party Advisory; mailing-list; x_refsource_mlist: http://seclists.org/oss-sec/2014/q1/579
Scores
EPSS: 0.0014
EPSS Percentile: 34.0%
Details
CWE: CWE-59
Status: published
Products (18)
fedoraproject/fedora 20
gnu/readline 2.1
gnu/readline 2.2
gnu/readline 4.0
gnu/readline 4.1
gnu/readline 4.2 (2 CPE variants)
gnu/readline 4.3
gnu/readline 5.0
gnu/readline 5.1
gnu/readline 5.2
... and 8 more
Published: Aug 20, 2014
Tracked Since: Feb 18, 2026