CVE-2014-0181

CVSS v2.0

2.1

Low

Vector

AV:L/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Linux kernel versions through 3.14.1

Description The Netlink implementation in the Linux kernel does not provide a mechanism for authorizing socket operations based on the opener of a socket. This allows local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the stdout or stderr of a setuid program.

Recommendations For Linux kernel versions through 3.14.1, update to a version later than 3.14.1 to resolve the issue.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

ALT-PU-2014-1602

ALT-PU-2014-2064

CESA-2014_1023

CESA-2014_1392

CVE-2014-0181

MGASA-2014-0273

MGASA-2014-0330

MGASA-2014-0331

MGASA-2014-0332

OPENSUSE-SU-2014_1677-1

RHSA-2014:0913

RHSA-2014:1023

RHSA-2014:1392

RHSA-2014:1959

RHSA-2014_1023

RHSA-2014_1392

RHSA-2014_1959

SUSE-RU-2015:0621-1

SUSE-SU-2015:0481-1

SUSE-SU-2015:0581-1

SUSE-SU-2015:0652-1

SUSE-SU-2015:0736-1

SUSE-SU-2015:1174-1

SUSE-SU-2015:1376-1

USN-2336-1

USN-2337-1

Affected Products

Alt Linux

Centos

Linux Kernel

Red Hat

Suse

Ubuntu

CVE-2014-0181

Weakness Enumeration

Related Identifiers

Affected Products

References · 603