Lucene search
FreeBSD36858E78-3963-11E4-AD84-000C29F6AE42HistorySep 09, 2014 - 12:00 a.m.
security/ossec-hids-* -- root escalation via temp files
2014-09-0900:00:00
vuxml.freebsd.org
20
CVSS2
7.2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
EPSS
0
Percentile
13.1%
OSSEC reports:
This correction will create the temp file for the hosts deny file
in /var/ossec and will use mktemp where available to create
NON-predictable temp file name. In cases where mktemp is not
available we have written a BAD version of mktemp, but should be a
little better then just process id.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| FreeBSD | any | noarch | ossec-hids-server | < 2.8.1 | UNKNOWN |
| FreeBSD | any | noarch | ossec-hids-client | < 2.8.1 | UNKNOWN |
| FreeBSD | any | noarch | ossec-hids-local | < 2.8.1 | UNKNOWN |
References
Related
packetstorm
packetstorm
OSSEC 2.8 Privilege Escalation
2014-11-14 00:00:00
cve
cve
CVE-2014-5284
2014-12-02 01:59:04
prion
prion
Design/Logic Flaw
2014-12-02 01:59:00
cvelist
cvelist
CVE-2014-5284
2014-12-02 01:00:00
nvd
nvd
CVE-2014-5284
2014-12-02 01:59:04
exploitdb
exploitdb
OSSEC 2.8 - 'hosts.deny' Local Privilege Escalation
2014-11-14 00:00:00
zdt
zdt
nessus
nessus
CVSS2
7.2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
EPSS
0
Percentile
13.1%
Related for 36858E78-3963-11E4-AD84-000C29F6AE42