QwikSec

Security Database

CVE

CWE

Training

CVE-2014-4014

Published: Jun 23, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

The capabilities implementation in the Linux kernel before 3.14.8 does not properly consider that namespaces are inapplicable to inodes, which allows local users to bypass intended chmod restrictions by first creating a user namespace, as demonstrated by setting the setgid bit on a file with group ownership of root.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_BID

https://source.android.com/security/bulletin/2016-12-01.html

x_refsource_CONFIRM

vdb-entry

x_refsource_SECTRACK

exploit

x_refsource_EXPLOIT-DB

http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.8

x_refsource_CONFIRM

https://github.com/torvalds/linux/commit/23adbe12ef7d3d4195e80800ab36b37bee28cd03

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

https://bugzilla.redhat.com/show_bug.cgi?id=1107966

x_refsource_CONFIRM

[oss-security] 20140610 CVE-2014-4014: Linux kernel user namespace bug

mailing-list

x_refsource_MLIST

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=23adbe12ef7d3d4195e80800ab36b37bee28cd03

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.