CVE-2014-5220

Опубликовано: 17 дек. 2014

Источник: redhat

CVSS3: 6.6

EPSS Низкий

Описание

The mdcheck script of the mdadm package for openSUSE 13.2 prior to version 3.3.1-5.14.1 does not properly sanitize device names, which allows local attackers to execute arbitrary commands as root.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 5	mdadm	Not affected
Red Hat Enterprise Linux 6	mdadm	Not affected
Red Hat Enterprise Linux 7	mdadm	Not affected
Red Hat Enterprise Linux 8	mdadm	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-20

https://bugzilla.redhat.com/show_bug.cgi?id=1589839mdadm: Improper sanitization of device names allows arbitrary command execution

EPSS

Процентиль: 37%

0.00158

Низкий

6.6 Medium

CVSS3

Связанные уязвимости

CVE-2014-5220

CVSS3: 7.8

ubuntu

больше 7 лет назад

The mdcheck script of the mdadm package for openSUSE 13.2 prior to version 3.3.1-5.14.1 does not properly sanitize device names, which allows local attackers to execute arbitrary commands as root.

CVE-2014-5220

CVSS3: 7.8

nvd

больше 7 лет назад

The mdcheck script of the mdadm package for openSUSE 13.2 prior to version 3.3.1-5.14.1 does not properly sanitize device names, which allows local attackers to execute arbitrary commands as root.

CVE-2014-5220

CVSS3: 7.8

debian

больше 7 лет назад

The mdcheck script of the mdadm package for openSUSE 13.2 prior to ver ...

GHSA-m32j-rvq2-jpp7

CVSS3: 7.8

github

больше 3 лет назад

The mdcheck script of the mdadm package for openSUSE 13.2 prior to version 3.3.1-5.14.1 does not properly sanitize device names, which allows local attackers to execute arbitrary commands as root.

EPSS

Процентиль: 37%

0.00158

Низкий

6.6 Medium

CVSS3