CVE-2014-7300

{"id": "CVE-2014-7300", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-12-25T21:59:02.937", "references": [{"url": "http://openwall.com/lists/oss-security/2014/09/29/17", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-0535.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://bugzilla.gnome.org/show_bug.cgi?id=737456", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://git.gnome.org/browse/gnome-shell/commit/?id=a72dca361080ffc9f45ff90188a7cf013c3c4013", "tags": ["Issue Tracking", "Patch"], "source": "cve@mitre.org"}, {"url": "https://git.gnome.org/browse/gnome-shell/commit/?id=f02b007337e61436aaa0e81a86ad707b6d277378", "tags": ["Issue Tracking", "Patch"], "source": "cve@mitre.org"}, {"url": "http://openwall.com/lists/oss-security/2014/09/29/17", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-0535.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.gnome.org/show_bug.cgi?id=737456", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.gnome.org/browse/gnome-shell/commit/?id=a72dca361080ffc9f45ff90188a7cf013c3c4013", "tags": ["Issue Tracking", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.gnome.org/browse/gnome-shell/commit/?id=f02b007337e61436aaa0e81a86ad707b6d277378", "tags": ["Issue Tracking", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-399"}]}], "descriptions": [{"lang": "en", "value": "GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is used, does not limit the aggregate memory consumption of all active PrtSc requests, which allows physically proximate attackers to execute arbitrary commands on an unattended workstation by making many PrtSc requests and leveraging a temporary lock outage, and the resulting temporary shell availability, caused by the Linux kernel OOM killer."}, {"lang": "es", "value": "GNOME Shell 3.14.x anterior a 3.14.1, cuando se utiliza la caracter\u00edstica Screen Lock, no se limita el consumo de memoria para todas las peticiones activas PrtSc , lo que permite a atacantes cercanos f\u00edsicamente ejecutar comandos arbitrarios en una estaci\u00f3n de trabajo desatendida haciendo numerosas peticiones PrtSc y aprovechando un bloqueo temporal, y la disponibilidad de una shell resultante temporal, causada por Linux kernel OOM killer."}], "lastModified": "2024-11-21T02:16:42.970", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gnome:gnome-shell:3.14.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DD535807-17D9-4599-AEAE-5CC7FD3FF5A3"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3C84489B-B08C-4854-8A12-D01B6E45CF79"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}