Lucene search

[email protected]CVE-2014-4014

HistoryJun 23, 2014 - 11:21 a.m.

CVE-2014-4014

2014-06-2311:21:00

CWE-264

[email protected]

web.nvd.nist.gov

linux kernel

cve-2014-4014

chmod

user namespace

security vulnerability

7.5 High

AI Score

Confidence

High

6.2 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

25.8%

JSON

The capabilities implementation in the Linux kernel before 3.14.8 does not properly consider that namespaces are inapplicable to inodes, which allows local users to bypass intended chmod restrictions by first creating a user namespace, as demonstrated by setting the setgid bit on a file with group ownership of root.

CPENameOperatorVersion
linux:linux_kernellinux linux kernellt3.14.8

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	lt	3.14.8

References

git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=23adbe12ef7d3d4195e80800ab36b37bee28cd03

secunia.com/advisories/59220

www.exploit-db.com/exploits/33824

www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.8

www.openwall.com/lists/oss-security/2014/06/10/4

www.securityfocus.com/bid/67988

www.securitytracker.com/id/1030394

bugzilla.redhat.com/show_bug.cgi?id=1107966

github.com/torvalds/linux/commit/23adbe12ef7d3d4195e80800ab36b37bee28cd03

source.android.com/security/bulletin/2016-12-01.html

7.5 High

AI Score

Confidence

High

6.2 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

25.8%

JSON

Related for CVE-2014-4014

prion1 debiancve1 exploitpack1 nessus16 ubuntucve1 zdt1 seebug1 f52 securityvulns3 exploitdb1 openvas48 amazon1 ubuntu6 mageia8 oraclelinux1 suse2 kitploit1 fedora28 androidsecurity1