Lucene search

[email protected]CVE-2014-8148

HistoryJan 26, 2015 - 3:59 p.m.

CVE-2014-8148

2015-01-2615:59:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2014-8148

midgard2

d-bus

access control

local users

arbitrary code

root privileges

nvd

7.4 High

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.2%

JSON

The default D-Bus access control rule in Midgard2 10.05.7.1 allows local users to send arbitrary method calls or signals to any process on the system bus and possibly execute arbitrary code with root privileges.

CPENameOperatorVersion
opensuse:opensuseopensuseeq13.1
opensuse:opensuseopensuseeq13.2
midgard-project:midgard2midgard-project midgard2eq10.05.7.1

CPE	Name	Operator	Version
opensuse:opensuse	opensuse	eq	13.1
opensuse:opensuse	opensuse	eq	13.2
midgard-project:midgard2	midgard-project midgard2	eq	10.05.7.1

References

lists.opensuse.org/opensuse-updates/2015-01/msg00051.html

lists.opensuse.org/opensuse-updates/2015-02/msg00066.html

www.openwall.com/lists/oss-security/2015/01/05/2

7.4 High

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2014-8148

prion1 cvelist1 ubuntucve1 nessus3 openvas1