PT-2014-6346 · Linux+3 · Linux Kernel+3

Published

2014-08-13

·

Updated

2020-08-14

·

CVE-2014-5207

CVSS v2.0

6.2

Medium

VectorAV:L/AC:H/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Linux kernel versions through 3.16.1
Description The issue allows local users to gain privileges, interfere with backups and auditing on systems that had atime enabled, or cause a denial of service via a "mount -o remount" command within a user namespace. This is due to the improper restriction of clearing MNT NODEV, MNT NOSUID, and MNT NOEXEC and changing MNT ATIME MASK during a remount of a bind mount.
Recommendations For Linux kernel versions through 3.16.1, update to a version that contains a fix for this issue to prevent local users from gaining privileges or causing a denial of service.

Exploit

Fix

DoS

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-269

Related Identifiers

ALT-PU-2014-2023
ALT-PU-2014-2024
ALT-PU-2014-2025
ALT-PU-2014-2106
ALT-PU-2015-1794
CVE-2014-5207
OPENSUSE-SU-2014_1677-1
USN-2317-1
USN-2318-1

Affected Products

Alt Linux
Linux Kernel
Suse
Ubuntu