exploitDog

CVE-2014-0181

Published: 23 Apr 2014
Source: redhat
CVSS2: 1.2
EPSS: Low

Description

The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program.

It was found that the permission checks performed by the Linux kernel when a netlink message was received were not sufficient. A local, unprivileged user could potentially bypass these restrictions by passing a netlink socket as stdout or stderr to a more privileged process and altering the output of this process.

Additional information

Status:

Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=1094265
kernel: net: insufficient permission checks of netlink messages

EPSS

Percentile: 6%
0.00027
Low

1.2 Low

CVSS2

Related vulnerabilities

ubuntu
more than 11 years ago

The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program.

nvd
more than 11 years ago

The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program.

debian
more than 11 years ago

The Netlink implementation in the Linux kernel through 3.14.1 does not ...

github
about 3 years ago

The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program.

oracle-oval
more than 10 years ago

ELSA-2014-1959: kernel security and bug fix update (MODERATE)
