CVE-2014-3215 : seunshare in policycoreutils 2.2.5 is owned by root with 4755 permissions, and e

seunshare in policycoreutils 2.2.5 is owned by root with 4755 permissions, and executes programs in a way that changes the relationship between the setuid system call and the getresuid saved set-user-ID value, which makes it easier for local users to gain privileges by leveraging a program that mistakenly expected that it could permanently drop privileges.

Published 2014-05-08 10:55:05

Updated 2025-04-12 10:46:41

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2014-3215

Selinuxproject » Policycoreutils » Version: 2.2.5
cpe:2.3:a:selinuxproject:policycoreutils:2.2.5:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2014-3215

EPSS FAQ

0.03%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 6 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2014-3215

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.9	MEDIUM	AV:L/AC:M/Au:N/C:C/I:C/A:C	3.4	10.0	NIST
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2014-3215

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2014-3215

http://lists.opensuse.org/opensuse-updates/2014-06/msg00008.html

openSUSE-SU-2014:0749-1: moderate: libcap-ng:policycoreutils setuid() fi
http://www.mandriva.com/security/advisories?name=MDVSA-2015:156

mandriva.com
http://openwall.com/lists/oss-security/2014/05/08/1

oss-security - Re: local privilege escalation due to capng_lock as used in seunshare
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

Oracle Linux Bulletin - January 2016

CVEs referencing this url
http://www.securityfocus.com/bid/67341

policycoreutils seunshare CVE-2014-3215 Local Privilege Escalation Vulnerability
http://openwall.com/lists/oss-security/2014/04/29/7

oss-security - local privilege escalation due to capng_lock as used in seunshare
http://rhn.redhat.com/errata/RHSA-2015-0864.html

RHSA-2015:0864 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
http://secunia.com/advisories/59007

Sign in
http://openwall.com/lists/oss-security/2014/04/30/4

oss-security - Re: local privilege escalation due to capng_lock as used in seunshare
http://advisories.mageia.org/MGASA-2014-0251.html

Mageia Advisory: MGASA-2014-0251 - Updated libcap-ng packages fix CVE-2014-3215

Jump to

Vulnerability Details : CVE-2014-3215

Products affected by CVE-2014-3215

Exploit prediction scoring system (EPSS) score for CVE-2014-3215

CVSS scores for CVE-2014-3215

CWE ids for CVE-2014-3215

References for CVE-2014-3215