SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

Download | Alert*

CVE

CVE-2014-4150

The scheme48-send-definition function in cmuscheme48.el in Scheme 48 allows local users to write to arbitrary files via a symlink attack on /tmp/s48lose.tmp.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:		CVSS V2 Severity:
CVSS Score : 5.5		CVSS Score : 3.6
Exploit Score: 1.8		Exploit Score: 3.9
Impact Score: 3.6		Impact Score: 4.9

CVSS V3 Metrics:		CVSS V2 Metrics:
Attack Vector: LOCAL		Access Vector: LOCAL
Attack Complexity: LOW		Access Complexity: LOW
Privileges Required: LOW		Authentication: NONE
User Interaction: NONE		Confidentiality: NONE
Scope: UNCHANGED		Integrity: PARTIAL
Confidentiality: NONE		Availability: PARTIAL
Integrity: HIGH
Availability: NONE

Reference:

BID-67654

http://www.openwall.com/lists/oss-security/2014/06/13/5

http://www.s48.org/cgi-bin/hgwebdir.cgi/s48/rev/a44624256297

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=748766


30479



423868



249461



909



195508



282