NVD

Id
28977  
Name
CVE-2014-0027  
Description
The play_wave_from_socket function in audio/auserver.c in Flite 1.4 allows local users to modify arbitrary files via a symlink attack on /tmp/awb.wav. NOTE: some of these details are obtained from third party information.  
Reject
 
CVSS Version
2  
CVSS Score
3.3  
Severity
Low  
CVSS Base Score
3.3  
CVSS Impact Subscore
4.9  
CVSS Exploit Subscore
3.4  
CVSS Vector
(AV:L/AC:M/Au:N/C:P/I:P/A:N)  
Pub Date
2017-01-19  
Published
2014-01-25  
Modified Date
2014-02-21  
Seq
2014-0027  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
152763 28977 CVE-2014-0027 FEDORA-2014-0574  View
152764 28977 CVE-2014-0027 FEDORA-2014-0579  View
152765 28977 CVE-2014-0027 [oss-security] 20140110 temporary file issue in flite  View
152766 28977 CVE-2014-0027 MDVSA-2014:032  View
152767 28977 CVE-2014-0027 64791  View
152768 28977 CVE-2014-0027 https://bugzilla.redhat.com/show_bug.cgi?id=1048678  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
12390 JVNDB-2014-001265 Flite の audio/auserver.c 内の play_wave_from_socket 関数における任意のファイルを変更される脆弱性 Flite の audio/auserver.c 内の play_wave_from_socket 関数には、任意のファイルを変更される脆弱性が存在します。 CVE-2014-0027 67428 CVE-2014-0027 28977 3.3 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-001265.html 2014-01-06 2014-01-28 View