CVE-2014-4014 Information
Description
The capabilities implementation in the Linux kernel before 3.14.8 does not properly consider that namespaces are inapplicable to inodes which allows local users to bypass intended chmod restrictions by first creating a user namespace as demonstrated by setting the setgid bit on a file with group ownership of root.
Reference
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=23adbe12ef7d3d4195e80800ab36b37bee28cd03 http://secunia.com/advisories/59220 http://www.exploit-db.com/exploits/33824 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.8 http://www.openwall.com/lists/oss-security/2014/06/10/4 http://www.securityfocus.com/bid/67988 http://www.securitytracker.com/id/1030394 https://bugzilla.redhat.com/show_bug.cgi?id=1107966 https://github.com/torvalds/linux/commit/23adbe12ef7d3d4195e80800ab36b37bee28cd03 https://source.android.com/security/bulletin/2016-12-01.html
Share on: