CVE-2014-2524
NONE
Published Aug 20, 2014 (11y ago) · Last Modified Jun 17, 2026 (2w ago)
Description
The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file.
Threat Intelligence
No active exploitation signals — not in CISA KEV and no EPSS score yet.
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-59
Affected Products 19
| Vendor | Product | Version | Range |
|---|---|---|---|
| mageia | mageia | 3.0 | any |
| mageia | mageia | 4.0 | any |
| gnu | readline | * | ≤6.3 |
| gnu | readline | 2.1 | any |
| gnu | readline | 2.2 | any |
| gnu | readline | 4.0 | any |
| gnu | readline | 4.1 | any |
| gnu | readline | 4.2 | any |
| gnu | readline | 4.2 | any |
| gnu | readline | 4.3 | any |
| gnu | readline | 5.0 | any |
| gnu | readline | 5.1 | any |
| gnu | readline | 5.2 | any |
| gnu | readline | 6.0 | any |
| gnu | readline | 6.1 | any |
| gnu | readline | 6.2 | any |
| opensuse | opensuse | 12.3 | any |
| opensuse | opensuse | 13.1 | any |
| fedoraproject | fedora | 20 | any |
References 9
- advisories.mageia.org http://advisories.mageia.org/MGASA-2014-0319.html
- lists.gnu.org http://lists.gnu.org/archive/html/bug-readline/2014-03/msg00057.html
- lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00037.html
- seclists.org http://seclists.org/oss-sec/2014/q1/579
- seclists.org http://seclists.org/oss-sec/2014/q1/587
- mandriva.com http://www.mandriva.com/security/advisories?name=MDVSA-2014:154
- mandriva.com http://www.mandriva.com/security/advisories?name=MDVSA-2015:132
- bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=1077023
- lists.fedoraproject.org https://lists.fedoraproject.org/pipermail/package-announce/2014-July/135686.html
Remediation
- lists.gnu.org http://lists.gnu.org/archive/html/bug-readline/2014-03/msg00057.html