Lucene search

K
nvd[email protected]NVD:CVE-2014-4014
HistoryJun 23, 2014 - 11:21 a.m.

CVE-2014-4014

2014-06-2311:21:17
CWE-264
web.nvd.nist.gov
7

CVSS2

6.2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:N/C:C/I:C/A:C

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

26.5%

The capabilities implementation in the Linux kernel before 3.14.8 does not properly consider that namespaces are inapplicable to inodes, which allows local users to bypass intended chmod restrictions by first creating a user namespace, as demonstrated by setting the setgid bit on a file with group ownership of root.

Affected configurations

Nvd
Node
linuxlinux_kernelRange<3.14.8
VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

CVSS2

6.2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:N/C:C/I:C/A:C

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

26.5%