Twenty Year Anniversary
Showing 1 - 7 of 7 RSS Feed

CVE-2014-4014

Status Candidate

Overview

The capabilities implementation in the Linux kernel before 3.14.8 does not properly consider that namespaces are inapplicable to inodes, which allows local users to bypass intended chmod restrictions by first creating a user namespace, as demonstrated by setting the setgid bit on a file with group ownership of root.

Related Files

Ubuntu Security Notice USN-2337-1
Posted Sep 2, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2337-1 - A flaw was discovered in the Linux kernel virtual machine's (kvm) validation of interrupt requests (irq). A guest OS user could exploit this flaw to cause a denial of service (host OS crash). Andy Lutomirski discovered a flaw in the authorization of netlink socket operations when a socket is passed to a process of more privilege. A local user could exploit this flaw to bypass access restrictions by having a privileged executable do something it was not intended to do. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-0155, CVE-2014-0181, CVE-2014-0206, CVE-2014-4014, CVE-2014-4027, CVE-2014-4171, CVE-2014-4508, CVE-2014-4652, CVE-2014-4653, CVE-2014-4654, CVE-2014-4655, CVE-2014-4656, CVE-2014-4667, CVE-2014-5045
MD5 | dbbb6010fa4cf8b2782d2b03faa5058d
Ubuntu Security Notice USN-2336-1
Posted Sep 2, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2336-1 - A flaw was discovered in the Linux kernel virtual machine's (kvm) validation of interrupt requests (irq). A guest OS user could exploit this flaw to cause a denial of service (host OS crash). Andy Lutomirski discovered a flaw in the authorization of netlink socket operations when a socket is passed to a process of more privilege. A local user could exploit this flaw to bypass access restrictions by having a privileged executable do something it was not intended to do. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-0155, CVE-2014-0181, CVE-2014-0206, CVE-2014-4014, CVE-2014-4027, CVE-2014-4171, CVE-2014-4508, CVE-2014-4652, CVE-2014-4653, CVE-2014-4654, CVE-2014-4655, CVE-2014-4656, CVE-2014-4667, CVE-2014-5045
MD5 | 512ec312e05c43b36012905d6c16124b
Ubuntu Security Notice USN-2287-1
Posted Jul 17, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2287-1 - Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. Michael S. Tsirkin discovered an information leak in the Linux kernel's segmentation of skbs when using the zerocopy feature of vhost-net. A local attacker could exploit this flaw to gain potentially sensitive information from kernel memory. Various other issues were also addressed.

tags | advisory, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2014-0131, CVE-2014-3917, CVE-2014-4014, CVE-2014-4608, CVE-2014-4611, CVE-2014-4943
MD5 | 81d5aec154cc3a74cf3b9789d007860a
Ubuntu Security Notice USN-2286-1
Posted Jul 17, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2286-1 - Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. Michael S. Tsirkin discovered an information leak in the Linux kernel's segmentation of skbs when using the zerocopy feature of vhost-net. A local attacker could exploit this flaw to gain potentially sensitive information from kernel memory. Various other issues were also addressed.

tags | advisory, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2014-0131, CVE-2014-1739, CVE-2014-3144, CVE-2014-3145, CVE-2014-3917, CVE-2014-4014, CVE-2014-4608, CVE-2014-4943
MD5 | 511e7bed6e9a39ca49b13f35d58bbc2b
Ubuntu Security Notice USN-2285-1
Posted Jul 17, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2285-1 - Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. Michael S. Tsirkin discovered an information leak in the Linux kernel's segmentation of skbs when using the zerocopy feature of vhost-net. A local attacker could exploit this flaw to gain potentially sensitive information from kernel memory. Various other issues were also addressed.

tags | advisory, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2014-0131, CVE-2014-1739, CVE-2014-3917, CVE-2014-4014, CVE-2014-4027, CVE-2014-4608, CVE-2014-4943
MD5 | 92ee8694d934c79d704e603326788380
Ubuntu Security Notice USN-2289-1
Posted Jul 17, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2289-1 - Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. Michael S. Tsirkin discovered an information leak in the Linux kernel's segmentation of skbs when using the zerocopy feature of vhost-net. A local attacker could exploit this flaw to gain potentially sensitive information from kernel memory. Various other issues were also addressed.

tags | advisory, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2014-0131, CVE-2014-3917, CVE-2014-4014, CVE-2014-4608, CVE-2014-4611, CVE-2014-4943
MD5 | b08b56e0bb535ea41f5a788c7a55e90e
Linux Kernel 3.13 Local Privilege Escalation
Posted Jun 21, 2014
Authored by Vitaly Nikolenko

Linux Kernel versions 3.13 and below local privilege escalation proof of concept exploit.

tags | exploit, kernel, local, proof of concept
systems | linux
advisories | CVE-2014-4014
MD5 | 28673a1a2f55a9bb95e68823c2ed7be8
Page 1 of 1
Back1Next

File Archive:

September 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    1 Files
  • 2
    Sep 2nd
    3 Files
  • 3
    Sep 3rd
    15 Files
  • 4
    Sep 4th
    15 Files
  • 5
    Sep 5th
    18 Files
  • 6
    Sep 6th
    18 Files
  • 7
    Sep 7th
    15 Files
  • 8
    Sep 8th
    2 Files
  • 9
    Sep 9th
    2 Files
  • 10
    Sep 10th
    16 Files
  • 11
    Sep 11th
    17 Files
  • 12
    Sep 12th
    15 Files
  • 13
    Sep 13th
    29 Files
  • 14
    Sep 14th
    21 Files
  • 15
    Sep 15th
    3 Files
  • 16
    Sep 16th
    1 Files
  • 17
    Sep 17th
    15 Files
  • 18
    Sep 18th
    16 Files
  • 19
    Sep 19th
    29 Files
  • 20
    Sep 20th
    18 Files
  • 21
    Sep 21st
    5 Files
  • 22
    Sep 22nd
    2 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close