7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
Proof of Concept exploit code, which uses a flaw in glibc that can allow a local unprivileged user to gain root on a Linux machine. This affects virtual machines deployed by IBM Workload Deployer using the IBM OS Image for RedHat Linux (version 2.0, 2.0.0.1, 2.0.0.2, 2.0.0.3, 2.0.0.4 and 2.1.0.0).
VULNERABILITY DETAILS
The GNU C Library (glibc) is vulnerable to a heap-based buffer overflow, caused by an off-by-one error in the __gconv_translit_find() function. By setting the CHARSET environment variable to a malicious value, a local attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system with root privileges.
CVE ID:CVE-2014-5119
**DESCRIPTION:**Proof of Concept exploit code, which uses a flaw in glibc that can allow a local unprivileged user to gain root on Linux machine
CVSS:
CVSS Base Score: 7.2
CVSS Temporal Score: See _ https://exchange.xforce.ibmcloud.com/vulnerabilities/95044_ for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C)
AFFECTED PRODUCTS AND VERSIONS:
REMEDIATION:
Apply the following eFix for IBM Workload Deployer v3.1.0.7:
Note: This fix updates the IBM OS Image for Red Hat Linux System.
WORKAROUND(S) and MITIGATION(S):
None
ACKNOWLEDGEMENT:
None
CHANGE HISTORY:
26 September 2014 - Original Copy Published
CPE | Name | Operator | Version |
---|---|---|---|
ibm workload deployer | eq | 3.1.0.7 |