// For flags

CVE-2014-5284

OSSEC 2.8 - 'hosts.deny' Local Privilege Escalation

Severity Score

7.2
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

4
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

host-deny.sh in OSSEC before 2.8.1 writes to temporary files with predictable filenames without verifying ownership, which allows local users to modify access restrictions in hosts.deny and gain root privileges by creating the temporary files before automatic IP blocking is performed.

host-deny.sh en OSSEC anterior a 2.8.1 escribe a ficheros temporales con nombres de ficheros previsibles sin verificar su dueño, lo que permite a usuarios locales modificar las restricciones de acceso en hosts.deny y ganar privilegios de root mediante la creación de los ficheros temporales antes de que se realice el bloqueo IP automático.

OSSEC version 2.8 suffers from a privilege escalation vulnerability via insecure temporary file creation.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2014-08-16 CVE Reserved
  • 2014-11-14 CVE Published
  • 2014-11-14 First Exploit
  • 2023-03-08 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-264: Permissions, Privileges, and Access Controls
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Ossec
Search vendor "Ossec"
 Ossec
Search vendor "Ossec" for product "Ossec"
 <= 2.8.0
Search vendor "Ossec" for product "Ossec" and version " <= 2.8.0"
-
Affected