Bugzilla: 958618: CVE-2013-2035 HawtJNI: predictable temporary file name leading to local arbitrary code execution
The HawtJNI Library class wrote native libraries to a predictable file name in /tmp when the native libraries were bundled in a JAR file, and no custom library path was specified. A local attacker could overwrite these native libraries with malicious versions during the window between when HawtJNI writes them and when they are executed.
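An added example (not HawtJNI's code, and not the fix shipped in the errata) contrasting the predictable-name extraction described above with extraction into a private, randomly named directory. The class and method names, the `nativelib-` prefix and `libexample.so` are hypothetical, and a POSIX file system is assumed.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.StandardCopyOption;
import java.nio.file.attribute.PosixFilePermissions;

public class NativeLibExtractor {

    // Weak pattern: fixed, guessable path in the shared temp directory. Another
    // local user can replace the file between this write and System.load().
    static Path extractPredictable(InputStream lib, String fileName) throws IOException {
        Path target = Paths.get(System.getProperty("java.io.tmpdir"), fileName);
        Files.copy(lib, target, StandardCopyOption.REPLACE_EXISTING);
        return target;
    }

    // Hardened pattern: a new directory with a random name and owner-only
    // permissions (POSIX file systems), so no other user can write inside it.
    static Path extractPrivate(InputStream lib, String fileName) throws IOException {
        Path dir = Files.createTempDirectory("nativelib-",
                PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rwx------")));
        // Keep only the last path element so the name cannot escape the directory.
        Path target = dir.resolve(Paths.get(fileName).getFileName());
        // No REPLACE_EXISTING: the copy fails if the file somehow already exists.
        Files.copy(lib, target);
        // Registered entries are deleted in reverse order: file first, then directory.
        dir.toFile().deleteOnExit();
        target.toFile().deleteOnExit();
        return target;
    }

    public static void main(String[] args) throws IOException {
        byte[] constructed = {0x7f, 'E', 'L', 'F'}; // constructed stand-in for a bundled library
        try (InputStream in = new ByteArrayInputStream(constructed)) {
            Path lib = extractPrivate(in, "libexample.so");
            System.out.println(lib + " " + Files.getPosixFilePermissions(lib.getParent()));
            // A real loader would now call System.load(lib.toString()).
        }
    }
}
```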
Red Hat security errata
| Product | Erratum | Release date |
|---|---|---|
| Fuse MQ Enterprise 7.1.0 | RHSA-2013:1029 | July 09, 2013 |
| RHOSE Client 1.2 (activemq) | RHSA-2014:0254 | March 05, 2014 |
| RHOSE Client 2.0 (activemq) | RHSA-2014:0245 | March 03, 2014 |
| Red Hat JBoss A-MQ 6.1 | RHSA-2014:0401 | April 14, 2014 |
| Red Hat JBoss BPMS 6.0 | RHSA-2014:1291 | September 23, 2014 |
| Red Hat JBoss BRMS 6.0 | RHSA-2014:1290 | September 23, 2014 |
| Red Hat JBoss Data Grid 6.2 | RHSA-2014:0029 | January 15, 2014 |
| Red Hat JBoss Data Virtualization 6.0 | RHSA-2015:0034 | January 12, 2015 |
| Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server | RHSA-2013:1785 | December 04, 2013 |
| Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server | RHSA-2013:1786 | December 04, 2013 |
| Red Hat JBoss Enterprise Application Platform 6.2 | RHSA-2013:1784 | December 04, 2013 |
| Red Hat JBoss Fuse 6.1 | RHSA-2014:0400 | April 14, 2014 |
| Red Hat JBoss Fuse Service Works 6.0 | RHSA-2014:1995 | December 15, 2014 |
| Red Hat JBoss Operations Network 3.3 | RHSA-2014:1904 | November 25, 2014 |
This issue was discovered by Florian Weimer of the Red Hat Product Security Team.