CVE-2014-8148

The default D-Bus access control rule in Midgard2 10.05.7.1 allows local users to send arbitrary method calls or signals to any process on the system bus and possibly execute arbitrary code with root privileges.

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://lists.opensuse.org/opensuse-updates/2015-01/msg00051.html	Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2015-02/msg00066.html	Third Party Advisory
http://www.openwall.com/lists/oss-security/2015/01/05/2	Mailing List Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:opensuse:opensuse:13.1:::::::*
	cpe:2.3:o:opensuse:opensuse:13.2:::::::*

Configuration 2 (hide)

cpe:2.3:a:midgard-project:midgard2:10.05.7.1:*:*:*:*:*:*:*

History

No history.

Information

Published : 2015-01-26 15:59

Updated : 2024-02-28 12:20

NVD link : CVE-2014-8148

Mitre link : CVE-2014-8148

CVE.ORG link : CVE-2014-8148

JSON object : View

Products Affected

opensuse

opensuse

midgard-project

midgard2

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2014-8148", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-01-26T15:59:00.050", "references": [{"url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00051.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00066.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2015/01/05/2", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The default D-Bus access control rule in Midgard2 10.05.7.1 allows local users to send arbitrary method calls or signals to any process on the system bus and possibly execute arbitrary code with root privileges."}, {"lang": "es", "value": "La regla del control de acceso a D-Bus por defecto en Midgard2 10.05.7.1 permite a usuarios locales enviar llamadas o se\u00f1ales de m\u00e9todo arbitrarias a cualquier proceso en el bus del sistema y posiblemente ejecutar c\u00f3digo arbitrario con privilegios de root."}], "lastModified": "2018-10-30T16:27:35.843", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F"}, {"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:midgard-project:midgard2:10.05.7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "367C82E3-9514-46C1-B517-14C7515236A1"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}