Vulnerability Name: | CVE-2014-4014 (CCN-93767) | ||||||||||||||||||||||||||||||||||||||||||||||||||||
Assigned: | 2014-06-10 | ||||||||||||||||||||||||||||||||||||||||||||||||||||
Published: | 2014-06-10 | ||||||||||||||||||||||||||||||||||||||||||||||||||||
Updated: | 2018-12-18 | ||||||||||||||||||||||||||||||||||||||||||||||||||||
Summary: | The capabilities implementation in the Linux kernel before 3.14.8 does not properly consider that namespaces are inapplicable to inodes, which allows local users to bypass intended chmod restrictions by first creating a user namespace, as demonstrated by setting the setgid bit on a file with group ownership of root. | ||||||||||||||||||||||||||||||||||||||||||||||||||||
CVSS v3 Severity: | 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||||||||||||||||||||||||||||||||||||||||||||||
CVSS v2 Severity: | 6.2 Medium (CVSS v2 Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C) 4.9 Medium (Temporal CVSS v2 Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C)
5.6 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C)
| ||||||||||||||||||||||||||||||||||||||||||||||||||||
Vulnerability Type: | CWE-264 | ||||||||||||||||||||||||||||||||||||||||||||||||||||
Vulnerability Consequences: | Gain Privileges | ||||||||||||||||||||||||||||||||||||||||||||||||||||
References: | Source: MITRE Type: CNA CVE-2014-4014 Source: CONFIRM Type: Vendor Advisory http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=23adbe12ef7d3d4195e80800ab36b37bee28cd03 Source: CCN Type: oss-security Mailing List, Tue 10 Jun 2014 CVE-2014-4014: Linux kernel user namespace bug Source: SECUNIA Type: Third Party Advisory 59220 Source: EXPLOIT-DB Type: Third Party Advisory, VDB Entry 33824 Source: CCN Type: IBM Security Bulletin 1021943 PowerKVM Kernel Vulnerabilities - Multiple CVEs Source: CONFIRM Type: Vendor Advisory http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.8 Source: MLIST Type: Mailing List, Third Party Advisory [oss-security] 20140610 CVE-2014-4014: Linux kernel user namespace bug Source: BID Type: Third Party Advisory, VDB Entry 67988 Source: CCN Type: BID-67988 Linux Kernel CVE-2014-4014 Local Privilege Escalation Vulnerability Source: SECTRACK Type: Third Party Advisory, VDB Entry 1030394 Source: CONFIRM Type: Issue Tracking, Third Party Advisory https://bugzilla.redhat.com/show_bug.cgi?id=1107966 Source: XF Type: UNKNOWN linux-kernel-cve20144014-priv-esc(93767) Source: CCN Type: Linux Kernel GIT Repository fs,userns: Change inode_capable to capable_wrt_inode_uidgid Source: CONFIRM Type: Third Party Advisory https://github.com/torvalds/linux/commit/23adbe12ef7d3d4195e80800ab36b37bee28cd03 Source: CONFIRM Type: Third Party Advisory https://source.android.com/security/bulletin/2016-12-01.html Source: EXPLOIT-DB Type: EXPLOIT Offensive Security Exploit Database [06-21-2014] Source: CCN Type: WhiteSource Vulnerability Database CVE-2014-4014 | ||||||||||||||||||||||||||||||||||||||||||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||||||||||||||||||||||||||||||||||||||||||||||
Oval Definitions | |||||||||||||||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||||||||||||||
BACK |