Lucene search
MitreCVE-2014-5284HistoryDec 02, 2014 - 1:59 a.m.
CVE-2014-5284
2014-12-0201:59:04
CWE-264
mitre
web.nvd.nist.gov
37
ossec
cve-2014-5284
predictable filename
vulnerability
nvd
CVSS2
7.2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
AI Score
6.5
Confidence
Low
EPSS
0
Percentile
13.1%
host-deny.sh in OSSEC before 2.8.1 writes to temporary files with predictable filenames without verifying ownership, which allows local users to modify access restrictions in hosts.deny and gain root privileges by creating the temporary files before automatic IP blocking is performed.
Affected configurations
Node
ossecossecRange≤2.8.0
Related
packetstorm
packetstorm
OSSEC 2.8 Privilege Escalation
2014-11-14 00:00:00
freebsd
freebsd
security/ossec-hids-* -- root escalation via temp files
2014-09-09 00:00:00
prion
prion
Design/Logic Flaw
2014-12-02 01:59:00
cvelist
cvelist
CVE-2014-5284
2014-12-02 01:00:00
zdt
zdt
nessus
nessus
nvd
nvd
CVE-2014-5284
2014-12-02 01:59:04
exploitdb
exploitdb
OSSEC 2.8 - 'hosts.deny' Local Privilege Escalation
2014-11-14 00:00:00
CVSS2
7.2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
AI Score
6.5
Confidence
Low
EPSS
0
Percentile
13.1%
Related for CVE-2014-5284