The mdcheck script of the mdadm package for openSUSE 13.2 prior to version 3.3.1-5.14.1 does not properly sanitize device names, which allows local attackers to execute arbitrary commands as root.
References
Configurations
History
21 Nov 2024, 02:11
Type | Values Removed | Values Added |
---|---|---|
References | () https://bugzilla.suse.com/show_bug.cgi?id=910500 - | |
References | () https://lists.opensuse.org/opensuse-updates/2015-02/msg00069.html - |
07 Nov 2023, 02:20
Type | Values Removed | Values Added |
---|---|---|
References | () https://bugzilla.suse.com/show_bug.cgi?id=910500 - | |
References | () https://lists.opensuse.org/opensuse-updates/2015-02/msg00069.html - |
Information
Published : 2018-06-08 17:29
Updated : 2024-11-21 02:11
NVD link : CVE-2014-5220
Mitre link : CVE-2014-5220
CVE.ORG link : CVE-2014-5220
JSON object : View
Products Affected
opensuse
- opensuse
mdadm_project
- mdadm
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')