Vulnerability CVE-2014-9273


Published: 2014-12-08

Description:
lib/handle.c in Hivex before 1.3.11 allows local users to execute arbitrary code and gain privileges via a small hive file, which triggers an out-of-bounds read or write.

Type: CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)

Affected products:

Vendor: Redhat
  Product: Enterprise linux server      Versions: 7.0; 6.0
  Product: Enterprise linux workstation Versions: 7.0; 6.0
  Product: Enterprise linux desktop     Versions: 7.0; 6.0
  Product: Enterprise linux hpc node    Versions: 6.0
Vendor: Novell
  Product: Opensuse                     Versions: 13.2; 13.1
Vendor: Opensuse
  Product: Opensuse                     Versions: 13.2; 13.1
Vendor: Debian
  Product: Hivex                        Versions: 1.3.10-2

CVSS2 vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score:            4.6/10
Impact Subscore:            6.4/10
Exploitability Subscore:    3.9/10

Exploit range:              Local
Attack complexity:          Low
Authentication:             Not required

Confidentiality impact:     Partial
Integrity impact:           Partial
Availability impact:        Partial

References:
http://lists.opensuse.org/opensuse-updates/2015-02/msg00005.html
http://rhn.redhat.com/errata/RHSA-2015-0301.html
http://rhn.redhat.com/errata/RHSA-2015-1378.html
http://www.openwall.com/lists/oss-security/2014/11/25/6
http://www.openwall.com/lists/oss-security/2014/12/04/14
http://www.securityfocus.com/bid/71279
https://bugzilla.redhat.com/show_bug.cgi?id=1167756
https://github.com/libguestfs/hivex/commit/357f26fa64fd1d9ccac2331fe174a8ee9c607adb
https://github.com/libguestfs/hivex/commit/4bbdf555f88baeae0fa804a369a81a83908bd705
https://security.gentoo.org/glsa/201503-07
https://www.redhat.com/archives/libguestfs/2014-October/msg00235.html


Copyright 2019, cxsecurity.com
