Vulnerability Name: CVE-2014-3499 (CCN-94273)

Assigned: 2014-07-02
Published: 2014-07-02
Updated: 2023-02-13
Summary: The Red Hat Docker Package could allow a local attacker to gain elevated privileges on the system, caused by the use of insecure permissions for the socket used to manage the program. An attacker could exploit this vulnerability to gain elevated privileges on the system.

CVSS v3 Severity: 5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
  Exploitability Metrics:
    Attack Vector (AV): Local
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
  Scope:
    Scope (S): Unchanged
  Impact Metrics:
    Confidentiality (C): Low
    Integrity (I): Low
    Availability (A): Low

CVSS v2 Severity: 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
  Exploitability Metrics:
    Access Vector (AV): Local
    Access Complexity (AC): Low
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): Complete
    Integrity (I): Complete
    Availability (A): Complete

4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
3.4 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
  Exploitability Metrics:
    Access Vector (AV): Local
    Access Complexity (AC): Low
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): Partial
    Integrity (I): Partial
    Availability (A): Partial

Vulnerability Consequences: Gain Privileges
References:

Source: MITRE
Type: CNA
CVE-2014-3499

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: BID-68303
Docker CVE-2014-3499 Local Privilege Escalation Vulnerability

Source: CCN
Type: Red Hat Bugzilla Bug 1111687
(CVE-2014-3499) CVE-2014-3499 docker: systemd socket activation results in privilege escalation

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: XF
Type: UNKNOWN
docker-cve20143499-priv-esc(94273)

Vulnerable Configuration:
Configuration CCN 1:
  • cpe:/a:redhat:docker:1.5.0-27:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.opensuse.security:def:7703 | P | libxslt-devel-1.1.34-150400.3.3.1 on GA media (Moderate) | 2023-06-12
    oval:org.opensuse.security:def:7725 | P | openslp-2.0.0-6.15.1 on GA media (Moderate) | 2023-06-12
    oval:org.opensuse.security:def:7755 | P | ppc64-diag-2.7.9-150500.1.2 on GA media (Moderate) | 2023-06-12
    oval:org.opensuse.security:def:7777 | P | python3-paramiko-2.4.3-150100.6.18.1 on GA media (Moderate) | 2023-06-12
    oval:org.opensuse.security:def:604 | P | Security update for virt-v2v (Moderate) (in QA) | 2022-09-05
    oval:org.opensuse.security:def:602 | P | Security update for mariadb (Important) | 2022-07-27
    oval:org.opensuse.security:def:20143499 | V | CVE-2014-3499 | 2022-06-30
    oval:org.opensuse.security:def:933 | P | Security update for python-PyJWT (Important) (in QA) | 2022-06-21
    oval:org.opensuse.security:def:931 | P | Security update for apache2 (Important) (in QA) | 2022-06-14
    oval:org.opensuse.security:def:112162 | P | docker-1.12.3-4.1 on GA media (Moderate) | 2022-01-17
    oval:org.opensuse.security:def:35278 | P | Security update for openexr (Moderate) | 2021-12-01
    oval:org.opensuse.security:def:1281 | P | Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP3) (Important) | 2021-11-19
    oval:org.opensuse.security:def:1279 | P | Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP3) (Important) | 2021-11-17
    oval:org.opensuse.security:def:6976 | P | Security update for the Linux Kernel (Live Patch 20 for SLE 15 SP1) (Important) | 2021-10-14
    oval:org.opensuse.security:def:105697 | P | docker-1.12.3-4.1 on GA media (Moderate) | 2021-10-01
    oval:org.opensuse.security:def:71202 | P | grub2-2.02-24.12 on GA media (Moderate) | 2021-09-21
    oval:org.opensuse.security:def:6953 | P | Security update for the Linux Kernel (Live Patch 19 for SLE 15 SP1) (Important) | 2021-08-17
    oval:org.opensuse.security:def:48249 | P | openssh-7.2p2-74.45.1 on GA media (Moderate) | 2021-08-16
    oval:org.opensuse.security:def:48184 | P | libqt4-32bit-4.8.7-8.8.1 on GA media (Moderate) | 2021-08-16
    oval:org.opensuse.security:def:48122 | P | libhivex0-1.3.10-4.1 on GA media (Moderate) | 2021-08-16
    oval:org.opensuse.security:def:48038 | P | gv-3.7.4-1.36 on GA media (Moderate) | 2021-08-16
    oval:org.opensuse.security:def:47824 | P | mailman-2.1.17-1.18 on GA media (Moderate) | 2021-08-16
    oval:org.opensuse.security:def:47676 | P | libXfont1-1.5.1-11.3.12 on GA media (Moderate) | 2021-08-16
    oval:org.opensuse.security:def:47125 | P | perl-LWP-Protocol-https-6.04-5.4 on GA media (Moderate) | 2021-08-16
    oval:org.opensuse.security:def:47584 | P | cups-1.7.5-20.17.1 on GA media (Moderate) | 2021-08-16
    oval:org.opensuse.security:def:47452 | P | openssh-7.2p2-69.1 on GA media (Moderate) | 2021-08-16
    oval:org.opensuse.security:def:48353 | P | yast2-core-3.3.1-1.7 on GA media (Moderate) | 2021-08-16
    oval:org.opensuse.security:def:47259 | P | gd-2.1.0-23.1 on GA media (Moderate) | 2021-08-16
    oval:org.opensuse.security:def:48282 | P | python-doc-2.7.13-28.31.2 on GA media (Moderate) | 2021-08-16
    oval:org.opensuse.security:def:47138 | P | python-pyOpenSSL-16.0.0-2.3.2 on GA media (Moderate) | 2021-08-16
    oval:org.opensuse.security:def:48251 | P | opie-2.4-724.56 on GA media (Moderate) | 2021-08-16
    oval:org.opensuse.security:def:47124 | P | perl-HTML-Parser-3.71-1.145 on GA media (Moderate) | 2021-08-16
    oval:org.opensuse.security:def:48186 | P | libraptor2-0-2.0.10-3.63 on GA media (Moderate) | 2021-08-16
    oval:org.opensuse.security:def:48124 | P | libical1-1.0.1-16.3.1 on GA media (Moderate) | 2021-08-16
    oval:org.opensuse.security:def:48040 | P | gzip-1.10-2.12 on GA media (Moderate) | 2021-08-16
    oval:org.opensuse.security:def:47826 | P | mariadb-10.2.18-1.7 on GA media (Moderate) | 2021-08-16
    oval:org.opensuse.security:def:47678 | P | libXi6-1.7.4-17.1 on GA media (Moderate) | 2021-08-16
    oval:org.opensuse.security:def:47586 | P | cups-pk-helper-0.2.5-5.1 on GA media (Moderate) | 2021-08-16
    oval:org.opensuse.security:def:47454 | P | openvswitch-2.7.0-2.29 on GA media (Moderate) | 2021-08-16
    oval:org.opensuse.security:def:47261 | P | gdk-pixbuf-loader-rsvg-2.40.15-4.5 on GA media (Moderate) | 2021-08-16
    oval:org.opensuse.security:def:47140 | P | python-requests-2.8.1-6.11.1 on GA media (Moderate) | 2021-08-16
    oval:org.opensuse.security:def:47126 | P | perl-Tk-804.031-3.76 on GA media (Moderate) | 2021-08-16
    oval:org.opensuse.security:def:47123 | P | perl-Config-IniFiles-2.82-3.12 on GA media (Moderate) | 2021-08-16
    oval:org.opensuse.security:def:48351 | P | xscreensaver-5.22-7.1 on GA media (Moderate) | 2021-08-16
    oval:org.opensuse.security:def:48280 | P | python-cryptography-1.3.1-7.13.4 on GA media (Moderate) | 2021-08-16
    oval:org.opensuse.security:def:55227 | P | Security update for libsndfile (Critical) | 2021-08-05
    oval:org.opensuse.security:def:6934 | P | Security update for the Linux Kernel (Live Patch 24 for SLE 15 SP1) (Important) | 2021-07-27
    oval:org.opensuse.security:def:7117 | P | Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP2) (Important) | 2021-07-15
    oval:org.opensuse.security:def:6919 | P | Security update for the Linux Kernel (Live Patch 22 for SLE 15 SP1) (Important) | 2021-07-14
    oval:org.opensuse.security:def:7104 | P | Security update for the Linux Kernel (Live Patch 7 for SLE 15 SP2) (Important) | 2021-06-18
    oval:org.opensuse.security:def:36585 | P | xorg-x11-libXext-devel-32bit-7.4-1.18.2 on GA media (Moderate) | 2021-06-08
    oval:org.opensuse.security:def:36491 | P | libsss_idmap-devel-1.9.4-0.16.1 on GA media (Moderate) | 2021-06-08
    oval:org.opensuse.security:def:46407 | P | docker-1.2.0-3.12 on GA media (Moderate) | 2021-06-08
    oval:org.opensuse.security:def:36543 | P | pwlib-1.10.10-120.35.1 on GA media (Moderate) | 2021-06-08
    oval:org.opensuse.security:def:55910 | P | Security update for libX11 (Important) | 2021-06-08
    oval:org.opensuse.security:def:36533 | P | pango-devel-1.26.2-1.3.1 on GA media (Moderate) | 2021-06-08
    oval:org.opensuse.security:def:71089 | P | python2-salt-2018.3.0-3.9 on GA media (Moderate) | 2021-06-08
    oval:org.opensuse.security:def:13287 | P | docker-1.2.0-3.12 on GA media (Moderate) | 2021-06-08
    oval:org.opensuse.security:def:6901 | P | Security update for the Linux Kernel (Live Patch 16 for SLE 15 SP1) (Important) | 2021-05-25
    oval:org.opensuse.security:def:7095 | P | Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP2) (Important) | 2021-05-25
    oval:org.opensuse.security:def:7086 | P | Security update for the Linux Kernel (Live Patch 10 for SLE 15 SP2) (Important) | 2021-05-25
    oval:org.opensuse.security:def:64502 | P | Security update for graphviz (Critical) | 2021-05-19
    oval:org.opensuse.security:def:6882 | P | Security update for the Linux Kernel (Live Patch 21 for SLE 15 SP1) (Important) | 2021-04-28
    oval:org.opensuse.security:def:6867 | P | Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP1) (Important) | 2021-04-07
    oval:org.opensuse.security:def:6872 | P | Security update for the Linux Kernel (Live Patch 19 for SLE 15 SP1) (Important) | 2021-04-07
    oval:org.opensuse.security:def:67749 | P | Security update for the Linux Kernel (Live Patch 21 for SLE 15) (Important) | 2021-04-07
    oval:org.opensuse.security:def:7065 | P | Security update for the Linux Kernel (Live Patch 8 for SLE 15 SP2) (Important) | 2021-04-07
    oval:org.opensuse.security:def:7028 | P | Security update for the Linux Kernel (Live Patch 9 for SLE 15 SP1) (Important) | 2021-03-17
    oval:org.opensuse.security:def:7001 | P | Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP1) (Important) | 2021-02-10
    oval:org.opensuse.security:def:7053 | P | Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP2) (Important) | 2020-12-07
    oval:org.opensuse.security:def:7052 | P | Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP2) (Important) | 2020-12-07
    oval:org.opensuse.security:def:89846 | P | docker-18.09.1_ce-6.14.1 on GA media (Moderate) | 2020-12-03
    oval:org.opensuse.security:def:13233 | P | docker-1.6.2-31.2 on GA media (Moderate) | 2020-12-03
    oval:org.opensuse.security:def:35853 | P | MozillaFirefox-17.0.4esr-0.10.42 on GA media (Moderate) | 2020-12-03
    oval:org.opensuse.security:def:35809 | P | postgresql-8.3.14-0.2.1 on GA media (Moderate) | 2020-12-03
    oval:org.opensuse.security:def:35781 | P | lvm2-2.02.84-3.25.5 on GA media (Moderate) | 2020-12-03
    oval:org.opensuse.security:def:35742 | P | libcgroup1-0.34-2.5.1 on GA media (Moderate) | 2020-12-03
    oval:org.opensuse.security:def:35693 | P | evolution-data-server-2.28.2-0.26.33.14 on GA media (Moderate) | 2020-12-03
    oval:org.opensuse.security:def:62368 | P | docker-17.09.1_ce-4.25 on GA media (Moderate) | 2020-12-03
    oval:org.opensuse.security:def:35634 | P | qt3-3.3.8b-88.21 on GA media (Moderate) | 2020-12-03
    oval:org.opensuse.security:def:13234 | P | docker-1.8.3-52.3 on GA media (Moderate) | 2020-12-03
    oval:org.opensuse.security:def:35905 | P | glib2-2.22.5-0.8.8.1 on GA media (Moderate) | 2020-12-03
    oval:org.opensuse.security:def:46353 | P | docker-1.6.2-31.2 on GA media (Moderate) | 2020-12-03
    oval:org.opensuse.security:def:35861 | P | amavisd-new-2.7.0-18.7.1 on GA media (Moderate) | 2020-12-03
    oval:org.opensuse.security:def:35833 | P | tftp-0.48-101.20.1 on GA media (Moderate) | 2020-12-03
    oval:org.opensuse.security:def:35794 | P | openswan-2.6.16-1.36.1 on GA media (Moderate) | 2020-12-03
    oval:org.opensuse.security:def:35745 | P | libexiv2-4-0.17.1-31.20 on GA media (Moderate) | 2020-12-03
    oval:org.opensuse.security:def:62370 | P | docker-18.09.1_ce-6.14.1 on GA media (Moderate) | 2020-12-03
    oval:org.opensuse.security:def:35686 | P | dhcpcd-3.2.3-44.28.1 on GA media (Moderate) | 2020-12-03
    oval:org.opensuse.security:def:35526 | P | bind-9.5.0P2-20.7.1 on GA media (Moderate) | 2020-12-03
    oval:org.opensuse.security:def:46354 | P | docker-1.8.3-52.3 on GA media (Moderate) | 2020-12-03
    oval:org.opensuse.security:def:103501 | P | docker-18.09.1_ce-6.14.1 on GA media (Moderate) | 2020-12-03
    oval:org.opensuse.security:def:35058 | P | Security update for java-1_6_0-ibm (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:35047 | P | Security update for jasper (Important) | 2020-12-01
    oval:org.opensuse.security:def:49320 | P | python3-urllib3 on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:6820 | P | puppet on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:6774 | P | libvirglrenderer0 on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:67849 | P | docker on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:6752 | P | libreoffice on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:6744 | P | libproxy1 on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:49372 | P | docker on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:64415 | P | logrotate on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:34994 | P | Security update for glibc (Important) | 2020-12-01
    oval:org.opensuse.security:def:6826 | P | python-pywbem on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:6804 | P | pam-modules on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:55064 | P | avahi on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:6796 | P | mutt on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:56588 | P | Security update for python3 (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:56507 | P | Security update for wireshark (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:35474 | P | Security update for php53 (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:56469 | P | Security update for xerces-j2 (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:49374 | P | docker on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:35384 | P | Security update for ntp (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:56395 | P | Security update for dhcp (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:35046 | P | Security update for jasper (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:35327 | P | Security update for microcode_ctl (Important) | 2020-12-01
    oval:org.opensuse.security:def:56303 | P | Security update for mariadb (Important) | 2020-12-01
    oval:org.opensuse.security:def:35226 | P | Security update for lzo | 2020-12-01
    oval:org.opensuse.security:def:56195 | P | Security update for xen (Important) | 2020-12-01
    oval:org.opensuse.security:def:35090 | P | Security update for kdebase4-workspace (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:35006 | P | Security update for gnutls (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:55744 | P | Security update for xfsprogs (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:34995 | P | Security update for glibc (Important) | 2020-12-01
    oval:org.opensuse.security:def:55638 | P | Security update for gpg2 (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:49318 | P | python3-salt on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:55465 | P | Security update for flash-player (Important) | 2020-12-01
    oval:org.opensuse.security:def:55087 | P | cvs on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:55065 | P | bash on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:35436 | P | Security update for openvpn (Important) | 2020-12-01
    oval:org.opensuse.security:def:7043 | P | libgnomesu on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:35379 | P | Security update for ntp (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:7034 | P | libexif12 on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:35142 | P | Security update for the Linux Kernel (Important) | 2020-12-01
    oval:com.ubuntu.trusty:def:20143499000 | V | CVE-2014-3499 on Ubuntu 14.04 LTS (trusty) - high. | 2014-07-11
    oval:com.ubuntu.xenial:def:20143499000 | V | CVE-2014-3499 on Ubuntu 16.04 LTS (xenial) - high. | 2014-07-11
    oval:com.ubuntu.xenial:def:201434990000000 | V | CVE-2014-3499 on Ubuntu 16.04 LTS (xenial) - high. | 2014-07-11
    redhat docker 1.5.0-27