Vulnerability CVE-2014-9273


Published: 2014-12-08

Description:
lib/handle.c in Hivex before 1.3.11 allows local users to execute arbitrary code and gain privileges via a small hive files, which triggers an out-of-bounds read or write.

Type:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

Vendor: Redhat
Product: Enterprise linux server 
Version: 7.0; 6.0;
Product: Enterprise linux workstation 
Version: 7.0; 6.0;
Product: Enterprise linux desktop 
Version: 7.0; 6.0;
Product: Enterprise linux hpc node 
Version: 6.0;
Vendor: Novell
Product: Opensuse 
Version: 13.2; 13.1;
Vendor: Opensuse
Product: Opensuse 
Version: 13.2; 13.1;
Vendor: Debian
Product: Hivex 
Version: 1.3.10-2;

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.6/10
6.4/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
http://lists.opensuse.org/opensuse-updates/2015-02/msg00005.html
http://rhn.redhat.com/errata/RHSA-2015-0301.html
http://rhn.redhat.com/errata/RHSA-2015-1378.html
http://www.openwall.com/lists/oss-security/2014/11/25/6
http://www.openwall.com/lists/oss-security/2014/12/04/14
http://www.securityfocus.com/bid/71279
https://bugzilla.redhat.com/show_bug.cgi?id=1167756
https://github.com/libguestfs/hivex/commit/357f26fa64fd1d9ccac2331fe174a8ee9c607adb
https://github.com/libguestfs/hivex/commit/4bbdf555f88baeae0fa804a369a81a83908bd705
https://security.gentoo.org/glsa/201503-07
https://www.redhat.com/archives/libguestfs/2014-October/msg00235.html

Related CVE
CVE-2019-14809
net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is related to a Host field with a suffix appearing in neither Hostname() nor Port(), and is relate...
CVE-2017-18509
An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbi...
CVE-2019-11042
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past ...
CVE-2019-11041
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past ...
CVE-2019-14234
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contri...
CVE-2019-14744
In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated ...
CVE-2019-13638
GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable sy...
CVE-2019-13917
Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution as root in some unusual configurations that use the ${sort } expansion for items that can be controlled by an attacker (e.g., $local_part or $domain).

Copyright 2019, cxsecurity.com

 

Back to Top