CVE-2014-5284

Опубликовано: 02 дек. 2014

Источник: nvd

CVSS2: 7.2

EPSS Низкий

Описание

host-deny.sh in OSSEC before 2.8.1 writes to temporary files with predictable filenames without verifying ownership, which allows local users to modify access restrictions in hosts.deny and gain root privileges by creating the temporary files before automatic IP blocking is performed.

Ссылки

http://packetstormsecurity.com/files/129111/OSSEC-2.8-Privilege-Escalation.html
Exploit
http://www.exploit-db.com/exploits/35234
Exploit
https://github.com/ossec/ossec-hids/releases/tag/2.8.1
Patch
Vendor Advisory
http://packetstormsecurity.com/files/129111/OSSEC-2.8-Privilege-Escalation.html
Exploit
http://www.exploit-db.com/exploits/35234
Exploit
https://github.com/ossec/ossec-hids/releases/tag/2.8.1
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ossec:ossec:*:*:*:*:*:*:*:*

Версия до 2.8.0 (включая)

EPSS

Процентиль: 93%

0.09659

Низкий

7.2 High

CVSS2

Дефекты

CWE-264

Связанные уязвимости

CVE-2014-5284

debian

около 11 лет назад

host-deny.sh in OSSEC before 2.8.1 writes to temporary files with pred ...

GHSA-c37w-36r4-fj2g

github

больше 3 лет назад