Published: 23/06/2014 Updated: 07/11/2023

CVSS v2 Base Score: 6.2 | Impact Score: 10 | Exploitability Score: 1.9

VMScore: 625

Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C

The capabilities implementation in the Linux kernel prior to 3.14.8 does not properly consider that namespaces are inapplicable to inodes, which allows local users to bypass intended chmod restrictions by first creating a user namespace, as demonstrated by setting the setgid bit on a file with group ownership of root.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel

Debian Bug report logs - #751417 linux-image-320-4-5kc-malta: no SIGKILL after prctl(PR_SET_SECCOMP, 1, ) on MIPS (CVE-2014-4157) Package: src:linux; Maintainer for src:linux is Debian Kernel Team <debian-kernel@listsdebianorg>; Reported by: Plamen Alexandrov <plamen@aomedacom> Date: Thu, 12 Jun 2014 16:21:01 ...

arch/x86/kernel/entry_32S in the Linux kernel through 3151 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000 Array index error in the aio_read_events_ring function in ...

Several security issues were fixed in the kernel ...

The capabilities implementation in the Linux kernel before 3148 does not properly consider that namespaces are inapplicable to inodes, which allows local users to bypass intended chmod restrictions by first creating a user namespace, as demonstrated by setting the setgid bit on a file with group ownership of root ...

/** * CVE-2014-4014 Linux Kernel Local Privilege Escalation PoC * * Vitaly Nikolenko * hashcrackorg * * Usage: /poc [file_path] * * where file_path is the file on which you want to set the sgid bit */ #define _GNU_SOURCE #include <sys/waith> #include <schedh> #include <stdioh> #include <stdlibh> #inclu ...

Linux Kernel versions 313 and below local privilege escalation proof of concept exploit ...

cve-2014-4014

duasyntcom/blog/cve-2014-4014-local-privilege-escalation

CWE-264 https://github.com/torvalds/linux/commit/23adbe12ef7d3d4195e80800ab36b37bee28cd03 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.8 https://bugzilla.redhat.com/show_bug.cgi?id=1107966 http://www.openwall.com/lists/oss-security/2014/06/10/4 http://www.securitytracker.com/id/1030394 http://www.securityfocus.com/bid/67988 http://www.exploit-db.com/exploits/33824 http://secunia.com/advisories/59220 https://source.android.com/security/bulletin/2016-12-01.html http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=23adbe12ef7d3d4195e80800ab36b37bee28cd03 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=751417 https://nvd.nist.gov https://github.com/vnik5287/cve-2014-4014-privesc https://www.exploit-db.com/exploits/33824/https://access.redhat.com/security/cve/cve-2014-4014 https://alas.aws.amazon.com/ALAS-2014-368.html https://usn.ubuntu.com/2286-1/

CVE-2014-4014

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect