This CPE summary could be partial or incomplete. Please contact us for a detailed listing.
Summary
| Detail | |||
|---|---|---|---|
| Vendor | Uoregon | First view | 2008-11-18 |
| Product | Tau | Last view | 2010-10-20 |
| Version | Type | Application | |
| Update | |||
| Edition | |||
| Language | |||
| Sofware Edition | |||
| Target Software | |||
| Target Hardware | |||
| Other | |||
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
| CPE Name | Affected CVE |
|---|---|
| cpe:2.3:a:uoregon:tau:2.16.4:*:*:*:*:*:*:* | 2 |
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 6.9 | 2010-10-20 | CVE-2010-3382 | tauex in Tuning and Analysis Utilities (TAU) 2.16.4 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. |
| 6.9 | 2008-11-18 | CVE-2008-5157 | tau 2.16.4 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/makefile.tau.*.##### or (2) /tmp/makefile.tau*.##### temporary file, related to the (a) tau_cxx, (b) tau_f90, and (c) tau_cc scripts. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 100% (1) | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 68801 | Tuning and Analysis Utilities (TAU) tauex LD_LIBRARY_PATH Zero-length Directo... |
| 49956 | tau tau_cc Multiple Temporary File Symlink Arbitrary File Overwrite |
| 49955 | tau tau_f90 Multiple Temporary File Symlink Arbitrary File Overwrite |
| 49954 | tau tau_cxx Multiple Temporary File Symlink Arbitrary File Overwrite |
