6.2

CVE-2014-5207

Exploit
fs/namespace.c in the Linux kernel through 3.16.1 does not properly restrict clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing MNT_ATIME_MASK during a remount of a bind mount, which allows local users to gain privileges, interfere with backups and auditing on systems that had atime enabled, or cause a denial of service (excessive filesystem updating) on systems that had atime disabled via a "mount -o remount" command within a user namespace.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version <= 3.16.1
CanonicalUbuntu Linux Version12.04 SwEditionesm
CanonicalUbuntu Linux Version14.04 SwEditionesm
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.89% 0.546
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.2 1.9 10
AV:L/AC:H/Au:N/C:C/I:C/A:C
CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

http://www.openwall.com/lists/oss-security/2014/08/13/4
Third Party Advisory
Mailing List
http://www.ubuntu.com/usn/USN-2317-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-2318-1
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1129662
Patch
Third Party Advisory
Issue Tracking
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9566d6742852c527bf5af38af5cbb878dad75705
http://osvdb.org/show/osvdb/110055
Broken Link
http://packetstormsecurity.com/files/128595/Linux-Kernel-3.16.1-FUSE-Privilege-Escalation.html
Third Party Advisory
Exploit
VDB Entry
http://seclists.org/oss-sec/2014/q3/352
Third Party Advisory
Mailing List
http://www.exploit-db.com/exploits/34923
Third Party Advisory
Exploit
VDB Entry
http://www.securityfocus.com/bid/69216
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/95266
Third Party Advisory
VDB Entry
https://github.com/torvalds/linux/commit/9566d6742852c527bf5af38af5cbb878dad75705
Patch
Third Party Advisory