SB2014062305 - Multiple vulnerabilities in Linux kernel

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2014062305

SB2014062305 - Multiple vulnerabilities in Linux kernel

Published: June 23, 2014 Updated: August 10, 2020

Security Bulletin ID SB2014062305
Severity
Medium
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2014-4157)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

arch/mips/include/asm/thread_info.h in the Linux kernel before 3.14.8 on the MIPS platform does not configure _TIF_SECCOMP checks on the fast system-call path, which allows local users to bypass intended PR_SET_SECCOMP restrictions by executing a crafted application without invoking a trace or audit subsystem.


2) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2014-4014)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The capabilities implementation in the Linux kernel before 3.14.8 does not properly consider that namespaces are inapplicable to inodes, which allows local users to bypass intended chmod restrictions by first creating a user namespace, as demonstrated by setting the setgid bit on a file with group ownership of root.


Remediation

Install update from vendor's website.

References