CVE-2014-0181
kernel: net: insufficient permision checks of netlink messages
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program.
La implementación Netlink en el kernel de Linux hasta 3.14.1 no proporciona un mecanismo para autorizar operaciones socket basadas en el abridor de un socket, lo que permite a usuarios locales evadir restricciones de acceso y modificar configuraciones de red mediante el uso de un socket Netlink para (1) stdout o (2) stderr de un programa setuid.
It was found that the permission checks performed by the Linux kernel when a netlink message was received were not sufficient. A local, unprivileged user could potentially bypass these restrictions by passing a netlink socket as stdout or stderr to a more privileged process and altering the output of this process.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2013-12-03 CVE Reserved
- 2014-04-27 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (14)
URL | Tag | Source |
---|---|---|
http://marc.info/?l=linux-netdev&m=139828832919748&w=2 | Mailing List | |
http://www.openwall.com/lists/oss-security/2014/04/23/6 | Mailing List | |
http://www.openwall.com/lists/oss-security/2023/04/16/3 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=90f62cf30a78721641e08737bda787552428061e | 2023-04-16 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | <= 3.14.1 Search vendor "Linux" for product "Linux Kernel" and version " <= 3.14.1" | - |
Affected
| ||||||
Opensuse Search vendor "Opensuse" | Evergreen Search vendor "Opensuse" for product "Evergreen" | 11.4 Search vendor "Opensuse" for product "Evergreen" and version "11.4" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop" | 5 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "5" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 5.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "5.0" | - |
Affected
| ||||||
Suse Search vendor "Suse" | Linux Enterprise Real Time Extension Search vendor "Suse" for product "Linux Enterprise Real Time Extension" | 11 Search vendor "Suse" for product "Linux Enterprise Real Time Extension" and version "11" | sp3 |
Affected
| ||||||
Suse Search vendor "Suse" | Linux Enterprise Server Search vendor "Suse" for product "Linux Enterprise Server" | 10 Search vendor "Suse" for product "Linux Enterprise Server" and version "10" | sp4, ltss |
Affected
| ||||||
Suse Search vendor "Suse" | Linux Enterprise Server Search vendor "Suse" for product "Linux Enterprise Server" | 11 Search vendor "Suse" for product "Linux Enterprise Server" and version "11" | sp1, ltss |
Affected
| ||||||
Suse Search vendor "Suse" | Suse Linux Enterprise Server Search vendor "Suse" for product "Suse Linux Enterprise Server" | 11 Search vendor "Suse" for product "Suse Linux Enterprise Server" and version "11" | - |
Affected
|