PT-2014-6345 · Linux+3 · Linux Kernel+3

Kenton Varda

Publicado

2014-08-13

Atualizado

2023-08-25

CVE-2014-5206

CVSS v2.0

7.2

Alta

Vetor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 3.16.2

Description The issue allows local users to bypass an intended read-only restriction and defeat certain sandbox protection mechanisms. This is achieved via a "mount -o remount" command within a user namespace, exploiting the fact that the do remount function in fs/namespace.c does not maintain the MNT LOCK READONLY bit across a remount of a bind mount.

Recommendations For Linux kernel versions prior to 3.16.2, update to version 3.16.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of the "mount -o remount" command within user namespaces to minimize the risk of exploitation.

Exploit

Correção

Improper Privilege Management

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-269

Identificadores relacionados

ALT-PU-2014-2023

ALT-PU-2014-2024

ALT-PU-2014-2025

ALT-PU-2014-2106

ALT-PU-2015-1794

CVE-2014-5206

OPENSUSE-SU-2014_1677-1

USN-2317-1

USN-2318-1

Produtos afetados

Alt Linux

Linux Kernel

Suse

Ubuntu

PT-2014-6345 · Linux+3 · Linux Kernel+3

CVE-2014-5206

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 26