CVE-2014-4014

Scores

EPSS

0.000none0.0%

0%20%40%60%80%100%

Percentile: 0.0%

CVSS

6.2medium2.0

0246810

CVSS Score: 6.2/10

All CVSS Scores

CVSS 2.0

6.2

Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C

Description

The capabilities implementation in the Linux kernel before 3.14.8 does not properly consider that namespaces are inapplicable to inodes, which allows local users to bypass intended chmod restrictions by first creating a user namespace, as demonstrated by setting the setgid bit on a file with group ownership of root.

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.

Learn more about Scaner-VS 7

Sources

debiannvdubuntu

CWEs

CWE-264

Related Vulnerabilities

BDU:2015-05685 BDU:2015-05686 BDU:2015-05687 BDU:2015-05688 BDU:2015-05689 BDU:2015-05690 BDU:2015-05691 BDU:2015-05692 BDU:2015-05693 BDU:2015-05694 BDU:2015-05695 BDU:2015-05696 BDU:2015-05697 BDU:2015-05698 BDU:2015-05699 BDU:2015-05700 BDU:2015-05701 BDU:2015-05702 BDU:2015-05703 BDU:2015-05704 BDU:2015-05705 BDU:2015-05706 BDU:2015-05707 BDU:2015-05708 BDU:2015-05709 BDU:2015-05710 BDU:2015-05711 BDU:2015-05712 BDU:2015-05713 BDU:2015-05714 BDU:2015-05715 BDU:2015-05716 BDU:2015-05717 BDU:2015-05718 BDU:2015-05719 BDU:2015-05720 BDU:2015-05721 BDU:2015-05722 BDU:2015-05723 BDU:2015-05724 BDU:2015-05725 BDU:2015-05726 BDU:2015-05727 BDU:2015-05728 BDU:2015-05729 BDU:2015-05730 BDU:2015-05731 BDU:2015-05732 BDU:2015-05733 BDU:2015-05734 BDU:2015-05735 BDU:2015-05736 BDU:2015-05737 BDU:2015-05738 BDU:2015-05739 BDU:2015-05740 BDU:2015-05741 BDU:2015-05742 BDU:2015-05743 BDU:2015-05744 BDU:2015-05745 BDU:2015-05746 BDU:2015-05747 BDU:2015-05748 BDU:2015-05749 BDU:2015-05750 BDU:2015-05751 BDU:2015-05752 BDU:2015-05753 BDU:2015-05754 BDU:2015-05755 BDU:2015-05756 BDU:2015-05757 BDU:2015-05758 BDU:2015-05759 BDU:2015-05760 BDU:2015-05761 BDU:2015-05762 BDU:2015-05763 BDU:2015-05764 BDU:2015-05765 BDU:2015-05766 BDU:2015-05767 BDU:2015-05768 BDU:2015-05769 BDU:2015-05770 BDU:2015-05771 BDU:2015-05772 BDU:2015-05773 BDU:2015-05774 BDU:2015-05775 BDU:2015-05776 BDU:2015-05777 BDU:2015-05778 BDU:2015-05779 BDU:2015-05780 BDU:2015-05781 BDU:2015-05782 BDU:2015-05783 BDU:2015-05784 BDU:2015-05785 BDU:2015-05786 BDU:2015-05787 BDU:2015-05788 BDU:2015-05789 BDU:2015-05790 BDU:2015-05791 BDU:2015-05792 BDU:2015-05793 BDU:2015-05794 BDU:2015-05795 BDU:2015-05796 BDU:2015-05797 BDU:2015-05798 BDU:2015-05799 BDU:2015-05800 BDU:2015-05801 BDU:2015-05802 BDU:2015-05803 BDU:2015-05804 BDU:2015-05805 BDU:2015-05806 BDU:2015-05807 BDU:2015-05808 BDU:2015-05809 BDU:2015-05810 BDU:2015-05811 BDU:2015-05812 BDU:2015-05813 BDU:2015-05814 BDU:2015-05815 BDU:2015-05816 BDU:2015-05817 BDU:2015-05818 BDU:2015-05819 BDU:2015-05820 BDU:2015-05821 BDU:2015-05822 BDU:2015-05823 BDU:2015-05824 BDU:2015-05825 BDU:2015-05826 BDU:2015-05827 BDU:2015-05828 BDU:2015-05829 BDU:2015-05830 BDU:2015-05831 BDU:2015-05832 BDU:2015-05833 BDU:2015-05834 BDU:2015-05835 BDU:2015-05836 BDU:2015-05837 BDU:2015-05838 BDU:2015-05839 BDU:2015-05840 BDU:2015-05841 BDU:2015-05842 BDU:2015-05843

Exploits

Exploit ID: 33824

Source: exploitdb

URL: https://www.exploit-db.com/exploits/33824

Exploit ID: CVE-2014-4014

Source: github-poc

URL: https://github.com/vnik5287/cve-2014-4014-privesc

Vulnerable Software (53)

Type: Configuration

Product: linux

Operating System: ubuntu trusty 14.04

Trait:

{  "fixed": "3.13.0-35.62"}

Source: ubuntu

Type: Configuration

Product: linux

Operating System: ubuntu utopic 14.10

Trait:

{  "unaffected": true}

Source: ubuntu

Type: Configuration

Product: linux

Operating System: ubuntu vivid 15.04

Trait:

{  "unaffected": true}

Source: ubuntu

Type: Configuration

Product: linux

Operating System: ubuntu wily 15.10

Trait:

{  "unaffected": true}

Source: ubuntu

Type: Configuration

Product: linux

Operating System: ubuntu xenial 16.04

Trait:

{  "unaffected": true}

Source: ubuntu

Type: Configuration

Product: linux

Operating System: ubuntu yakkety 16.10

Trait:

{  "unaffected": true}

Source: ubuntu

Type: Configuration

Product: linux

Operating System: ubuntu zesty 17.04

Trait:

{  "unaffected": true}

Source: ubuntu

Type: Configuration

Product: linux

Operating System: debian wheezy 7

Trait:

{  "unaffected": true}

Source: debian

Type: Configuration

Product: linux

Operating System: debian

Trait:

{  "fixed": "3.14.7-1"}

Source: debian

Type: Configuration

Product: linux-2.6

Operating System: debian

Trait:

{  "unaffected": true}

Source: debian

Type: Configuration

Vendor: linux

Product: linux_kernel

Operating System: * * *

Trait:

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",      "versionEndExcluding": "3.14.8",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

Russian Vulnerability Scanner Database

CVE-2014-4014

Scores

EPSS

CVSS

All CVSS Scores

Vector Breakdown

CVSS

Attack Vector

Attack Complexity

Authentication

Confidentiality Impact

Integrity Impact

Availability Impact

Description

Scaner-VS 7 — a modern vulnerability management solution

Sources

CWEs

Related Vulnerabilities

Exploits

Vulnerable Software (53)