Lucene search

PRIOn knowledge basePRION:CVE-2014-7970

HistoryOct 13, 2014 - 10:55 a.m.

Code injection

2014-10-1310:55:00

PRIOn knowledge base

www.prio-n.com

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.4 Medium

AI Score

Confidence

High

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

0.0004 Low

EPSS

Percentile

8.3%

JSON

The pivot_root implementation in fs/namespace.c in the Linux kernel through 3.17 does not properly interact with certain locations of a chroot directory, which allows local users to cause a denial of service (mount-tree loop) via . (dot) values in both arguments to the pivot_root system call.

CPENameOperatorVersion
ubuntu_linuxeq12.04
ubuntu_linuxeq14.04
linux_kernelle3.17
suse_linux_enterprise_servereq11.0 sp3

Name	Operator	Version
ubuntu_linux	eq	12.04
ubuntu_linux	eq	14.04
linux_kernel	le	3.17
suse_linux_enterprise_server	eq	11.0 sp3

References

lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html

secunia.com/advisories/60174

secunia.com/advisories/61142

www.openwall.com/lists/oss-security/2014/10/08/21

www.securityfocus.com/bid/70319

www.securitytracker.com/id/1030991

www.spinics.net/lists/linux-fsdevel/msg79153.html

www.ubuntu.com/usn/USN-2419-1

www.ubuntu.com/usn/USN-2420-1

www.ubuntu.com/usn/USN-2513-1

www.ubuntu.com/usn/USN-2514-1

access.redhat.com/errata/RHSA-2017:1842

access.redhat.com/errata/RHSA-2017:2077

bugzilla.redhat.com/show_bug.cgi?id=1151095

exchange.xforce.ibmcloud.com/vulnerabilities/96921

git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0d0826019e529f21c84687521d03f60cd241ca7d

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.4 Medium

AI Score

Confidence

High

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

0.0004 Low

EPSS

Percentile

8.3%

JSON

Related for PRION:CVE-2014-7970