CVE-2014-4978 - OpenCVE

The rs_filter_graph function in librawstudio/rs-filter.c in rawstudio might allow local users to truncate arbitrary files via a symlink attack on (1) /tmp/rs-filter-graph.png or (2) /tmp/rs-filter-graph.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:N/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Fedoraproject	Fedora
Rawstudio	Rawstudio

Configuration 1 [-]

cpe:2.3:a:rawstudio:rawstudio:2.0-1.1:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162109.html
http://www.openwall.com/lists/oss-security/2014/07/16/15
http://www.securityfocus.com/bid/68671
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=754899
https://bugzilla.redhat.com/show_bug.cgi?id=1120093
https://exchange.xforce.ibmcloud.com/vulnerabilities/94633
https://github.com/rawstudio/rawstudio/commit/9c2cd3c93c05d009a91d84eedbb85873b0cb505d

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-12-29T22:00:00

Updated: 2024-08-06T11:34:37.074Z

Reserved: 2014-07-16T00:00:00

Link: CVE-2014-4978

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2017-12-29T22:29:00.410

Modified: 2018-01-10T19:21:55.727

Link: CVE-2014-4978

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-07-15T00:00:00", "descriptions": [{"lang": "en", "value": "The rs_filter_graph function in librawstudio/rs-filter.c in rawstudio might allow local users to truncate arbitrary files via a symlink attack on (1) /tmp/rs-filter-graph.png or (2) /tmp/rs-filter-graph."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-12-29T21:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[oss-security] 20140716 Re: CVE request: rawstudio: Insecure use of temporary file", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2014/07/16/15"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=754899"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1120093"}, {"name": "FEDORA-2015-8196", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162109.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/rawstudio/rawstudio/commit/9c2cd3c93c05d009a91d84eedbb85873b0cb505d"}, {"name": "68671", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/68671"}, {"name": "rawstudio-rsfiltergraph-symlink(94633)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94633"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-4978", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The rs_filter_graph function in librawstudio/rs-filter.c in rawstudio might allow local users to truncate arbitrary files via a symlink attack on (1) /tmp/rs-filter-graph.png or (2) /tmp/rs-filter-graph."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20140716 Re: CVE request: rawstudio: Insecure use of temporary file", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/07/16/15"}, {"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=754899", "refsource": "CONFIRM", "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=754899"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1120093", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1120093"}, {"name": "FEDORA-2015-8196", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162109.html"}, {"name": "https://github.com/rawstudio/rawstudio/commit/9c2cd3c93c05d009a91d84eedbb85873b0cb505d", "refsource": "CONFIRM", "url": "https://github.com/rawstudio/rawstudio/commit/9c2cd3c93c05d009a91d84eedbb85873b0cb505d"}, {"name": "68671", "refsource": "BID", "url": "http://www.securityfocus.com/bid/68671"}, {"name": "rawstudio-rsfiltergraph-symlink(94633)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94633"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T11:34:37.074Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20140716 Re: CVE request: rawstudio: Insecure use of temporary file", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2014/07/16/15"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=754899"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1120093"}, {"name": "FEDORA-2015-8196", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162109.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/rawstudio/rawstudio/commit/9c2cd3c93c05d009a91d84eedbb85873b0cb505d"}, {"name": "68671", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/68671"}, {"name": "rawstudio-rsfiltergraph-symlink(94633)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94633"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-4978", "datePublished": "2017-12-29T22:00:00", "dateReserved": "2014-07-16T00:00:00", "dateUpdated": "2024-08-06T11:34:37.074Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rawstudio:rawstudio:2.0-1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A326850B-FFF7-457B-994F-825EC2DC5C62", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The rs_filter_graph function in librawstudio/rs-filter.c in rawstudio might allow local users to truncate arbitrary files via a symlink attack on (1) /tmp/rs-filter-graph.png or (2) /tmp/rs-filter-graph."}, {"lang": "es", "value": "La funci\u00f3n rs_filter_graph en librawstudio/rs-filter.c en rawstudio podr\u00eda permitir que usuarios locales trunquen archivos arbitrarios mediante un ataque de v\u00ednculo simb\u00f3lico en (1) /tmp/rs-filter-graph.png o (2) /tmp/rs-filter-graph."}], "id": "CVE-2014-4978", "lastModified": "2018-01-10T19:21:55.727", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-12-29T22:29:00.410", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162109.html"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2014/07/16/15"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/68671"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Mailing List", "Third Party Advisory"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=754899"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1120093"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94633"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/rawstudio/rawstudio/commit/9c2cd3c93c05d009a91d84eedbb85873b0cb505d"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Primary"}]}