Vulnerability Name: CVE-2014-4014 (CCN-93767)

Assigned: 2014-06-10
Published: 2014-06-10
Updated: 2018-12-18
Summary: The capabilities implementation in the Linux kernel before 3.14.8 does not properly consider that namespaces are inapplicable to inodes, which allows local users to bypass intended chmod restrictions by first creating a user namespace, as demonstrated by setting the setgid bit on a file with group ownership of root.
CVSS v3 Severity: 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Changed
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 6.2 Medium (CVSS v2 Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C)
4.9 Medium (Temporal CVSS v2 Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.6 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type: CWE-264
Vulnerability Consequences: Gain Privileges
References:

Source: MITRE
Type: CNA
CVE-2014-4014

Source: CONFIRM
Type: Vendor Advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=23adbe12ef7d3d4195e80800ab36b37bee28cd03

Source: CCN
Type: oss-security Mailing List, Tue 10 Jun 2014
CVE-2014-4014: Linux kernel user namespace bug

Source: SECUNIA
Type: Third Party Advisory
59220

Source: EXPLOIT-DB
Type: Third Party Advisory, VDB Entry
33824

Source: CCN
Type: IBM Security Bulletin 1021943
PowerKVM Kernel Vulnerabilities - Multiple CVEs

Source: CONFIRM
Type: Vendor Advisory
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.8

Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20140610 CVE-2014-4014: Linux kernel user namespace bug

Source: BID
Type: Third Party Advisory, VDB Entry
67988

Source: CCN
Type: BID-67988
Linux Kernel CVE-2014-4014 Local Privilege Escalation Vulnerability

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1030394

Source: CONFIRM
Type: Issue Tracking, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1107966

Source: XF
Type: UNKNOWN
linux-kernel-cve20144014-priv-esc(93767)

Source: CCN
Type: Linux Kernel GIT Repository
fs,userns: Change inode_capable to capable_wrt_inode_uidgid

Source: CONFIRM
Type: Third Party Advisory
https://github.com/torvalds/linux/commit/23adbe12ef7d3d4195e80800ab36b37bee28cd03

Source: CONFIRM
Type: Third Party Advisory
https://source.android.com/security/bulletin/2016-12-01.html

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [06-21-2014]

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2014-4014

Vulnerable Configuration:

Configuration 1:
  • cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:* (Version < 3.14.8)

Configuration CCN 1:
  • cpe:/o:linux:linux_kernel:3.10:*:*:*:*:*:*:*
  AND
  • cpe:/a:ibm:powerkvm:2.1:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions

| Definition ID | Class | Title | Last Modified |
|---|---|---|---|
| oval:org.opensuse.security:def:20144014 | V | CVE-2014-4014 | 2017-03-01 |
| oval:org.mitre.oval:def:28373 | P | ELSA-2014-3096 -- Unbreakable Enterprise kernel security update (important) | 2015-03-16 |
| oval:org.mitre.oval:def:26591 | P | USN-2337-1 -- linux vulnerabilities | 2014-10-27 |
| oval:org.mitre.oval:def:26633 | P | USN-2336-1 -- linux-lts-trusty vulnerabilities | 2014-10-27 |
| oval:org.mitre.oval:def:24968 | P | USN-2286-1 -- linux-lts-raring vulnerabilities | 2014-09-01 |
| oval:org.mitre.oval:def:25118 | P | USN-2285-1 -- linux-lts-quantal vulnerabilities | 2014-09-01 |
| oval:org.mitre.oval:def:25243 | P | USN-2289-1 -- linux vulnerabilities | 2014-09-01 |
| oval:org.mitre.oval:def:24584 | P | USN-2287-1 -- linux-lts-saucy vulnerabilities | 2014-09-01 |
| oval:com.ubuntu.precise:def:20144014000 | V | CVE-2014-4014 on Ubuntu 12.04 LTS (precise) - medium. | 2014-06-23 |
| oval:com.ubuntu.xenial:def:201440140000000 | V | CVE-2014-4014 on Ubuntu 16.04 LTS (xenial) - medium. | 2014-06-23 |
| oval:com.ubuntu.trusty:def:20144014000 | V | CVE-2014-4014 on Ubuntu 14.04 LTS (trusty) - medium. | 2014-06-23 |
| oval:com.ubuntu.xenial:def:20144014000 | V | CVE-2014-4014 on Ubuntu 16.04 LTS (xenial) - medium. | 2014-06-23 |

    linux linux kernel *
    linux linux kernel 3.10
    ibm powerkvm 2.1