Lucene search

K

[email protected]NVD:CVE-2014-4014

HistoryJun 23, 2014 - 11:21 a.m.

CVE-2014-4014

2014-06-2311:21:17

CWE-264

[email protected]

web.nvd.nist.gov

1

6.2 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:N/C:C/I:C/A:C

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.5%

The capabilities implementation in the Linux kernel before 3.14.8 does not properly consider that namespaces are inapplicable to inodes, which allows local users to bypass intended chmod restrictions by first creating a user namespace, as demonstrated by setting the setgid bit on a file with group ownership of root.

Affected configurations

NVD

Node

linuxlinux_kernelRange<3.14.8

References

git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=23adbe12ef7d3d4195e80800ab36b37bee28cd03

secunia.com/advisories/59220

www.exploit-db.com/exploits/33824

www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.8

www.openwall.com/lists/oss-security/2014/06/10/4

www.securityfocus.com/bid/67988

www.securitytracker.com/id/1030394

bugzilla.redhat.com/show_bug.cgi?id=1107966

github.com/torvalds/linux/commit/23adbe12ef7d3d4195e80800ab36b37bee28cd03

source.android.com/security/bulletin/2016-12-01.html

6.2 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:N/C:C/I:C/A:C

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.5%

Related for NVD:CVE-2014-4014

zdt1 seebug1 debiancve1 prion1 cvelist1 cve1 f52 securityvulns3 nessus16 exploitpack1 ubuntucve1 exploitdb1 openvas48 amazon1 mageia8 ubuntu6 oraclelinux1 suse2 kitploit1 fedora28 androidsecurity1