SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

[Forgot Password]

Sample Queries

Paid content will be excluded from the download.

Download | Alert*

OVAL

ALAS-2014-357 ---- readline

ID: oval:org.secpod.oval:def:1600042	Date: (C)2016-01-07 (M)2022-10-10
Class: PATCH	Family: unix

The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file.

Platform:

Amazon Linux AMI

Product:

readline

Reference:

cpe:/o:amazon:linux
cpe:/a:gnu:readline:2.1
cpe:/a:gnu:readline:6.2
cpe:/a:gnu:readline:6.3
...


30479



423868



248678



909



195426



282