CVE-2014-1226

Опубликовано: 06 апр. 2018

Источник: nvd

CVSS3: 7.8

CVSS2: 7.2

EPSS Низкий

Описание

The pipe_init_terminal function in main.c in s3dvt allows local users to gain privileges by leveraging setuid permissions and usage of bash 4.3 and earlier. NOTE: This vulnerability exists because of an incomplete fix for CVE-2013-6876.

Ссылки

http://hmarco.org/bugs/CVE-2014-1226-s3dvt_0.2.2-root-shell.html
Third Party Advisory
http://seclists.org/fulldisclosure/2014/Jun/12
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2014/06/03/13
Mailing List
Third Party Advisory
http://www.securityfocus.com/archive/1/532278/100/0/threaded
http://hmarco.org/bugs/CVE-2014-1226-s3dvt_0.2.2-root-shell.html
Third Party Advisory
http://seclists.org/fulldisclosure/2014/Jun/12
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2014/06/03/13
Mailing List
Third Party Advisory
http://www.securityfocus.com/archive/1/532278/100/0/threaded

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:s3dvt_project:s3dvt:*:*:*:*:*:*:*:*

Версия до 0.2.2 (включая)

EPSS

Процентиль: 14%

0.00046

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-264

Связанные уязвимости

CVE-2014-1226

CVSS3: 7.8

ubuntu

почти 8 лет назад

CVE-2014-1226

CVSS3: 7.8

debian

почти 8 лет назад

The pipe_init_terminal function in main.c in s3dvt allows local users ...

GHSA-5www-87m9-2c36

CVSS3: 7.8

github

больше 3 лет назад

EPSS

Процентиль: 14%

0.00046

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-264