Vulnerability Details : CVE-2014-2079
X File Explorer (aka xfe) might allow local users to bypass intended access restrictions and gain access to arbitrary files by leveraging failure to use directory masks when creating files on Samba and NFS shares.
Products affected by CVE-2014-2079
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:x_file_explorer_project:x_file_explorer:1.32.5:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-2079
0.09%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 27 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-2079
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
2.1
|
LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N |
3.9
|
2.9
|
NIST | |
|
5.5
|
MEDIUM | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
1.8
|
3.6
|
NIST |
CWE ids for CVE-2014-2079
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-2079
-
http://www.openwall.com/lists/oss-security/2014/02/24/5
oss-security - Re: xfe: directory masks ignored when creating new files on Samba and NFSMailing List;Third Party Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/91519
X File Explorer File New dialogue security bypass CVE-2014-2079 Vulnerability ReportThird Party Advisory;VDB Entry
-
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739536
#739536 - xfe: CVE-2014-2079: directory masks ignored when creating new files on Samba and NFS - Debian Bug report logsMailing List;Patch;Third Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=1069066
1069066 – (CVE-2014-2079) CVE-2014-2079 xfe: directory masks ignored when creating new files on Samba and NFSIssue Tracking;Patch;Third Party Advisory
-
http://www.securityfocus.com/bid/65748
X File Explorer 'FilePanel::onCmdNewFile' Function Access Bypass VulnerabilityThird Party Advisory;VDB Entry
Jump to