Lucene search

[email protected]CVE-2014-5220

HistoryJun 08, 2018 - 5:29 p.m.

CVE-2014-5220

2018-06-0817:29:00

CWE-77

[email protected]

web.nvd.nist.gov

cve-2014-5220

opensuse

mdadm

nvd

security vulnerability

local attackers

arbitrary commands

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

The mdcheck script of the mdadm package for openSUSE 13.2 prior to version 3.3.1-5.14.1 does not properly sanitize device names, which allows local attackers to execute arbitrary commands as root.

Affected configurations

NVD

Node

opensuseopensuseMatch13.2

Node

mdadm_projectmdadmRange<3.3.3

CPENameOperatorVersion
opensuse:opensuseopensuseeq13.2

CPE	Name	Operator	Version
opensuse:opensuse	opensuse	eq	13.2

References

bugzilla.suse.com/show_bug.cgi?id=910500

lists.opensuse.org/opensuse-updates/2015-02/msg00069.html

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2014-5220

prion1 nvd1 ubuntucve1 cvelist1 debiancve1 nessus1