Lucene search

K

PRIOn knowledge basePRION:CVE-2014-4014

HistoryJun 23, 2014 - 11:21 a.m.

Design/Logic Flaw

2014-06-2311:21:00

PRIOn knowledge base

www.prio-n.com

7

6.5 Medium

AI Score

Confidence

Low

6.2 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

24.5%

The capabilities implementation in the Linux kernel before 3.14.8 does not properly consider that namespaces are inapplicable to inodes, which allows local users to bypass intended chmod restrictions by first creating a user namespace, as demonstrated by setting the setgid bit on a file with group ownership of root.

CPENameOperatorVersion
linux_kernellt3.14.8

References

git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=23adbe12ef7d3d4195e80800ab36b37bee28cd03

secunia.com/advisories/59220

www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.8

www.openwall.com/lists/oss-security/2014/06/10/4

www.securityfocus.com/bid/67988

www.securitytracker.com/id/1030394

bugzilla.redhat.com/show_bug.cgi?id=1107966

github.com/torvalds/linux/commit/23adbe12ef7d3d4195e80800ab36b37bee28cd03

source.android.com/security/bulletin/2016-12-01.html

www.exploit-db.com/exploits/33824

6.5 Medium

AI Score

Confidence

Low

6.2 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

24.5%

Related for PRION:CVE-2014-4014

debiancve1 exploitpack1 nessus16 ubuntucve1 seebug1 zdt1 f52 securityvulns3 cve1 exploitdb1 openvas48 amazon1 mageia8 ubuntu6 oraclelinux1 suse2 kitploit1 fedora28 androidsecurity1