CVE-2014-4014
CVE-2014-4014
The capabilities implementation in the Linux kernel before 3.14.8 does not properly consider that namespaces are inapplicable to inodes, which allows local users to bypass intended chmod restrictions by first creating a user namespace, as demonstrated by setting the setgid bit on a file with group ownership of root.
Productos afectados
n/a · n/aPoCs públicas encontradas — 3
githubgithub.com/vnik5287/cve-2014-4014-privesc★ 2cve_referencewww.exploit-db.com/exploits/33824no verificadoexploitdbwww.exploit-db.com/exploits/33824no verificado⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.
¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=23adbe12ef7d3d4195e80800ab36b37bee28cd03https://bugzilla.redhat.com/show_bug.cgi?id=1107966http://secunia.com/advisories/59220https://github.com/torvalds/linux/commit/23adbe12ef7d3d4195e80800ab36b37bee28cd03https://source.android.com/security/bulletin/2016-12-01.htmlhttp://www.exploit-db.com/exploits/33824http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.8http://www.openwall.com/lists/oss-security/2014/06/10/4http://www.securityfocus.com/bid/67988http://www.securitytracker.com/id/1030394