CVE-2014-3981

CVSS V2 Low 3.3 CVSS V3 None
Description
acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file.
Overview
  • CVE ID
  • CVE-2014-3981
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2014-06-08T18:55:06
  • Last Modified Date
  • 2023-01-19T16:30:15
Weakness Enumerations
CWE URL
CWE-59 http://cwe.mitre.org/data/definitions/59.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:php:php:*:*:*:*:*:*:*:* 1 OR 5.5.13
cpe:2.3:a:php:php:5.5.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:php:php:5.5.0:alpha1:*:*:*:*:*:* 1 OR
cpe:2.3:a:php:php:5.5.0:alpha2:*:*:*:*:*:* 1 OR
cpe:2.3:a:php:php:5.5.0:alpha3:*:*:*:*:*:* 1 OR
cpe:2.3:a:php:php:5.5.0:alpha4:*:*:*:*:*:* 1 OR
cpe:2.3:a:php:php:5.5.0:alpha5:*:*:*:*:*:* 1 OR
cpe:2.3:a:php:php:5.5.0:alpha6:*:*:*:*:*:* 1 OR
cpe:2.3:a:php:php:5.5.0:beta1:*:*:*:*:*:* 1 OR
cpe:2.3:a:php:php:5.5.0:beta2:*:*:*:*:*:* 1 OR
cpe:2.3:a:php:php:5.5.0:beta3:*:*:*:*:*:* 1 OR
cpe:2.3:a:php:php:5.5.0:beta4:*:*:*:*:*:* 1 OR
cpe:2.3:a:php:php:5.5.0:rc1:*:*:*:*:*:* 1 OR
cpe:2.3:a:php:php:5.5.0:rc2:*:*:*:*:*:* 1 OR
cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:php:php:5.5.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:php:php:5.5.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:php:php:5.5.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:php:php:5.5.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:php:php:5.5.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:php:php:5.5.7:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:php:php:5.5.8:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:php:php:5.5.9:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:php:php:5.5.10:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:php:php:5.5.11:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:php:php:5.5.12:*:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:L/AC:M/Au:N/C:N/I:P/A:P
  • Access Vector
  • LOCAL
  • Access Compatibility
  • MEDIUM
  • Authentication
  • NONE
  • Confidentiality Impact
  • NONE
  • Integrity Impact
  • PARTIAL
  • Availability Impact
  • PARTIAL
  • Base Score
  • 3.3
  • Severity
  • LOW
  • Exploitability Score
  • 3.4
  • Impact Score
  • 4.9
References
Reference URL Reference Tags
http://git.php.net/?p=php-src.git;a=commit;h=91bcadd85e20e50d3f8c2e9721327681640e6f16 Patch
https://bugzilla.redhat.com/show_bug.cgi?id=1104978
http://seclists.org/fulldisclosure/2014/Jun/21
http://openwall.com/lists/oss-security/2014/06/06/12
https://bugs.php.net/bug.php?id=67390 Patch
http://support.apple.com/kb/HT6443
http://marc.info/?l=bugtraq&m=141390017113542&w=2
https://support.apple.com/HT204659
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
http://marc.info/?l=bugtraq&m=141017844705317&w=2
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://www-01.ibm.com/support/docview.wss?uid=swg21683486
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2014-3981
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3981
History
Created Old Value New Value Data Type Notes
2022-05-10 09:50:59 Added to TrackCVE
2022-12-01 23:25:06 2014-06-08T18:55Z 2014-06-08T18:55:06 CVE Published Date updated
2022-12-01 23:25:06 2017-01-07T03:00:07 CVE Modified Date updated
2022-12-01 23:25:06 Undergoing Analysis Vulnerability Status updated
2023-01-19 17:04:17 2023-01-19T16:30:15 CVE Modified Date updated
2023-01-19 17:04:17 Undergoing Analysis Analyzed Vulnerability Status updated