Lucene search
HistoryDec 27, 2014 - 2:59 a.m.
CVE-2014-0748
cve-2014-0748
cray devices
cle
alpsauth
uid validation
local users
gain privileges
aprun program
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
6.7 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
apinit on Cray devices with CLE before 4.2.UP02 and 5.x before 5.1.UP00 does not use alpsauth data to validate the UID in a launch message, which allows local users to gain privileges via a modified aprun program, aka ID FN5912.
Affected configurations
Node
craycray_linux_environmentRange≤4.2
ORcraycray_linux_environmentMatch5.1
Related
nvd
nvd
CVE-2014-0748
2014-12-27 02:59:00
prion
prion
Code injection
2014-12-27 02:59:00
securityvulns
securityvulns
Cray supercomputers privilege escalation
2014-05-05 00:00:00
[mwrlabs advisory][CVE-2014-0748] Cray Aprun/Apinit Privilege Escalation
2014-05-05 00:00:00
cvelist
cvelist
CVE-2014-0748
2014-12-27 02:00:00
packetstorm
packetstorm
Cray Aprun / Apinit Privilege Escalation
2014-02-11 00:00:00
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
6.7 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
Related for CVE-2014-0748