AI Score: 6.2 Medium (Confidence: High)

CVSS2: 6.2 Medium (AV:L/AC:H/Au:N/C:C/I:C/A:C)

Metric | Value |
---|---|
Access Vector | LOCAL |
Access Complexity | HIGH |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |

EPSS: 0.0004 Low (Percentile: 8.1%)

Race condition in the prepare_binprm function in fs/exec.c in the Linux kernel before 3.19.6 allows local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but the setuid bit is not yet stripped. (CVE-2015-3339)
Impact
A local user with advanced shell (bash) access on a BIG-IP system, or with local administrator access on a Traffix system, may be able to use this flaw to gain elevated privileges. In supported configurations on the BIG-IP system, advanced shell access is limited to system administrators. BIG-IP appliance mode does not expose this issue, as users are not allowed advanced shell access in this mode. On Traffix systems, only administrators have local access.
CPE

Name | Operator | Version |
---|---|---|
f5 websafe | eq | 1.0.0 |
f5 iworkflow | eq | 2.0.0 |
f5 iworkflow | eq | 2.0.1 |
f5 iworkflow | eq | 2.0.2 |
f5 iworkflow | eq | 2.0.X |
f5 iworkflow | eq | 2.1.0 |
f5 iworkflow | eq | 2.1.X |
f5 iworkflow | eq | 2.2.0 |
f5 iworkflow | eq | 2.2.X |
f5 iworkflow | eq | 2.3.0 |