CVE-2014-3980

libfep 0.0.5 before 0.1.0 does not properly use UNIX domain sockets in the abstract namespace, which allows local users to gain privileges via unspecified vectors.

CVSS v2.0 4.6 MEDIUM

4.6^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.openwall.com/lists/oss-security/2014/06/06/11
https://github.com/ueno/libfep/commit/293d9d3f
http://www.openwall.com/lists/oss-security/2014/06/05/16
http://www.securityfocus.com/bid/67903

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:daiki_ueno:libfep:0.0.5:::::::*
	cpe:2.3:a:daiki_ueno:libfep:0.0.6:::::::*
	cpe:2.3:a:daiki_ueno:libfep:0.0.8:::::::*
	cpe:2.3:a:daiki_ueno:libfep:0.0.7:::::::*
	cpe:2.3:a:daiki_ueno:libfep:0.0.9:::::::*

Information

Published : 2014-06-11 07:55

Updated : 2014-06-12 10:37

NVD link : CVE-2014-3980

Mitre link : CVE-2014-3980

JSON object : View

CWE

CWE-264

Permissions, Privileges, and Access Controls

Advertisement

Products Affected

daiki_ueno

libfep

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.openwall.com/lists/oss-security/2014/06/06/11", "name": "[oss-security] 20140606 Re: [CVE request] Local privilege escalation in libfep", "tags": [], "refsource": "MLIST"}, {"url": "https://github.com/ueno/libfep/commit/293d9d3f", "name": "https://github.com/ueno/libfep/commit/293d9d3f", "tags": [], "refsource": "MISC"}, {"url": "http://www.openwall.com/lists/oss-security/2014/06/05/16", "name": "[oss-security] 20140603 [CVE request] Local privilege escalation in libfep", "tags": [], "refsource": "MLIST"}, {"url": "http://www.securityfocus.com/bid/67903", "name": "67903", "tags": [], "refsource": "BID"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "libfep 0.0.5 before 0.1.0 does not properly use UNIX domain sockets in the abstract namespace, which allows local users to gain privileges via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-264"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2014-3980", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2014-06-11T14:55Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:daiki_ueno:libfep:0.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:daiki_ueno:libfep:0.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:daiki_ueno:libfep:0.0.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:daiki_ueno:libfep:0.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:daiki_ueno:libfep:0.0.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2014-06-12T17:37Z"}