PT-2014-8769 · Linux+3 · Linux Kernel+3

Published

2014-11-24

·

Updated

2017-01-03

·

CVE-2014-8989

CVSS v2.0

4.6

Medium

VectorAV:L/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 3.17.5
Description The issue allows local users to bypass intended file permissions by leveraging a POSIX ACL containing an entry for the group category that is more restrictive than the entry for the other category. This is related to certain namespace scenarios where the Linux kernel does not properly restrict dropping of supplemental group memberships.
Recommendations For Linux kernel versions prior to 3.17.5, update to version 3.17.5 or later to resolve the issue.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

ALT-PU-2014-2381
ALT-PU-2015-1794
CVE-2014-8989
MGASA-2015-0070
MGASA-2015-0075
MGASA-2015-0076
MGASA-2015-0077
MGASA-2015-0078
OPENSUSE-SU-2016_0301-1
OPENSUSE-SU-2016_0318-1
USN-2515-1
USN-2516-1
USN-2516-2
USN-2516-3
USN-2517-1
USN-2518-1

Affected Products

Alt Linux
Linux Kernel
Suse
Ubuntu