Vulnerability Name: CCN-98918
Published: 2014-11-23
Updated: 2014-11-23
Summary: Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by the lesspipe script invoking an overly large number of third-party tools when the less command is used to view the contents of downloaded files. An attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS v3 Severity: 5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity: 4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
    3.7 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:U/RC:UR)
Vulnerability Consequences: Gain Access
References:
    Source: CCN. Type: oss-security Mailing List, Sun, 23 Nov 2014 01:24:11 -0800. so, can we do something about lesspipe? (+ a cpio bug to back up the argument)
    Source: CCN. Type: The Linux Kernel Archives Web site. The Linux Kernel Archives
    Source: CCN. Type: BID-71248. Linux Kernel cpio 'list_file()' Function Heap Based Buffer Overflow Vulnerability
    Source: XF. Type: UNKNOWN. linux-kernel-lesspipe-code-exec(98918)
Vulnerable Configuration: Configuration CCN 1: Denotes that component is vulnerable