CVE-2014-8989 in Kernelinfo

Zusammenfassung (Englisch)

The Linux kernel through 3.17.4 does not properly restrict dropping of supplemental group memberships in certain namespace scenarios, which allows local users to bypass intended file permissions by leveraging a POSIX ACL containing an entry for the group category that is more restrictive than the entry for the other category, aka a "negative groups" issue, related to kernel/groups.c, kernel/uid16.c, and kernel/user_namespace.c.

Be aware that VulDB is the high quality source for vulnerability data.

Reservieren

19.11.2014

Veröffentlichung

29.11.2014

Status

Bestätigt

Einträge

VulDB provides additional information and datapoints for this CVE:

ID	Schwachstelle	CWE	Aus	Mas	CVE
68567	Linux Kernel Supplemental Group erweiterte Rechte	264	Unbewiesen	Offizieller Fix	CVE-2014-8989

Beschreibung

CPE

CWE

CVSS

Exploits

History

Diff

Verknüpfen

Threat Intelligence

API JSON

API XML

API CSV

Quellen

MITRE
NVD
CVE Details

◂ ZurückÜbersichtWeiter ▸

Do you know our Splunk app?

Download it now for free!