Vulnerability Details : CVE-2014-8612
Potential exploit
Multiple array index errors in the Stream Control Transmission Protocol (SCTP) module in FreeBSD 10.1 before p5, 10.0 before p17, 9.3 before p9, and 8.4 before p23 allow local users to (1) gain privileges via the stream id to the setsockopt function, when setting the SCTIP_SS_VALUE option, or (2) read arbitrary kernel memory via the stream id to the getsockopt function, when getting the SCTP_SS_PRIORITY option.
Products affected by CVE-2014-8612
- cpe:2.3:o:freebsd:freebsd:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:9.3:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:8.4:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:10.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-8612
0.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 19 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-8612
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.6
|
MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
3.9
|
6.4
|
NIST |
CWE ids for CVE-2014-8612
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-8612
-
http://seclists.org/fulldisclosure/2015/Jan/107
Full Disclosure: [CORE-2015-0003] - FreeBSD Kernel Multiple VulnerabilitiesExploit
-
http://www.securityfocus.com/bid/72342
FreeBSD CVE-2014-8612 Local Privilege Escalation Vulnerability
-
http://www.securitytracker.com/id/1031648
FreeBSD SCTP Input Validation Flaw Lets Local Users Gain Elevated Privileges - SecurityTrackerExploit
-
https://www.freebsd.org/security/advisories/FreeBSD-SA-15:02.kmem.asc
Vendor Advisory
-
http://www.coresecurity.com/advisories/freebsd-kernel-multiple-vulnerabilities
FreeBSD Kernel Multiple Vulnerabilities | Core SecurityExploit
-
http://www.securityfocus.com/archive/1/534563/100/0/threaded
SecurityFocus
Jump to