Lucene search

[email protected]CVE-2014-4677

HistoryFeb 22, 2017 - 4:59 p.m.

CVE-2014-4677

2017-02-2216:59:00

CWE-77

[email protected]

web.nvd.nist.gov

cve-2014-4677

nvd

gpg suite

libmacgpg

installerhelper

security vulnerability

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

The installPackage function in the installerHelper subcomponent in Libmacgpg in GPG Suite before 2015.06 allows local users to execute arbitrary commands with root privileges via shell metacharacters in the xmlPath argument.

Affected configurations

NVD

Node

gpgtoolslibmacgpgRange≤0.6

CPENameOperatorVersion
gpgtools:libmacgpggpgtools libmacgpgle0.6

CPE	Name	Operator	Version
gpgtools:libmacgpg	gpgtools libmacgpg	le	0.6

References

bierbaumer.net/security/cve-2014-4677/

gpgtools.org/releases/gpgsuite/2015.08/release-notes.html

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2014-4677

prion1 nvd1 cvelist1