CVE-2014-1839

Published: Mar 11, 2014Modified: May 6, 2026

4.4

Vector

AV:L/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 3.4 / Impact: 6.4

Source: NVD

Description

The Execute class in shellutils in logilab-commons before 0.61.0 uses tempfile.mktemp, which allows local users to have an unspecified impact by pre-creating the temporary file.

Affected (3)

Products: Opensuse: Opensuse · Logilab: Logilab Common

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Opensuse Opensuse	Version 12.3
Opensuse Opensuse	Version 13.1

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Logilab Logilab Common	Up to 0.60.0

References (10)

http://comments.gmane.org/gmane.comp.security.oss.general/11986

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-updates/2014-02/msg00085.html

Source: cve@mitre.org

http://secunia.com/advisories/57209

Source: cve@mitre.org

Vendor Advisory

http://www.logilab.org/ticket/207562

Source: cve@mitre.org

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737051

Source: cve@mitre.org

http://comments.gmane.org/gmane.comp.security.oss.general/11986