PT-2014-6346 · Linux+3 · Linux Kernel+3

Publicado

2014-08-13

·

Atualizado

2020-08-14

·

CVE-2014-5207

CVSS v2.0

6.2

Média

VetorAV:L/AC:H/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Linux kernel versions through 3.16.1
Description The issue allows local users to gain privileges, interfere with backups and auditing on systems that had atime enabled, or cause a denial of service via a "mount -o remount" command within a user namespace. This is due to the improper restriction of clearing MNT NODEV, MNT NOSUID, and MNT NOEXEC and changing MNT ATIME MASK during a remount of a bind mount.
Recommendations For Linux kernel versions through 3.16.1, update to a version that contains a fix for this issue to prevent local users from gaining privileges or causing a denial of service.

Exploit

Correção

DoS

Improper Privilege Management

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-269

Identificadores relacionados

ALT-PU-2014-2023
ALT-PU-2014-2024
ALT-PU-2014-2025
ALT-PU-2014-2106
ALT-PU-2015-1794
CVE-2014-5207
OPENSUSE-SU-2014_1677-1
USN-2317-1
USN-2318-1

Produtos afetados

Alt Linux
Linux Kernel
Suse
Ubuntu