PT-2015-4012 · Midgard+1 · Midgard2+1

Simon Mcvittie

Published

2015-01-26

Updated

2024-06-15

CVE-2014-8148

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Midgard2 version 10.05.7.1

Description The default D-Bus access control rule in Midgard2 allows local users to send arbitrary method calls or signals to any process on the system bus and possibly execute arbitrary code with root privileges.

Recommendations For Midgard2 version 10.05.7.1, consider modifying the D-Bus access control rule to restrict local users from sending arbitrary method calls or signals to any process on the system bus. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2014-8148

OPENSUSE-SU-2024:10517-1

Affected Products

Midgard2

Suse

PT-2015-4012 · Midgard+1 · Midgard2+1

CVE-2014-8148

Weakness Enumeration

Related Identifiers

Affected Products

References · 22