CVE-2014-8165
powerpc-utils-python: arbitrary code execution due to unpickling untrusted input
- Severity Score: 10.0 (CVSS v2)
- Public Exploits: 0 (Multiple Sources)
- Exploited in Wild: - (KEV)
- Decision: - (SSVC)
Descriptions
scripts/amsvis/powerpcAMS/amsnet.py in powerpc-utils-python uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object.
It was found that the amsvis command of the powerpc-utils-python package did not verify unpickled data before processing it. This could allow an attacker who can connect to an amsvis server process (or cause an amsvis client process to connect to them) to execute arbitrary code as the user running the amsvis process.
Credits: N/A
Timeline
- 2014-10-10 CVE Reserved
- 2015-02-19 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-15 EPSS Updated
CWE
- CWE-345: Insufficient Verification of Data Authenticity
- CWE-502: Deserialization of Untrusted Data
References (7)
URL | Tag | Source |
---|---|---|
http://www.openwall.com/lists/oss-security/2015/02/09/4 | Mailing List | |
http://www.securityfocus.com/bid/72537 | Vdb Entry | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/100788 | Vdb Entry | |

URL | Date | SRC |
---|---|---|
http://rhn.redhat.com/errata/RHSA-2016-2607.html | 2023-02-13 | |
http://sourceforge.net/p/powerpc-utils/mailman/message/32884230 | 2023-02-13 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1073139 | 2016-11-03 | |
https://access.redhat.com/security/cve/CVE-2014-8165 | 2016-11-03 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Powerpc-utils Project | Powerpc-utils | - | - | Affected |