CVE-2014-0181

CVSS v2.0 2.1 (Low)

EPSS 0.04 % (5^th)

Affected Products 7

Advisories 39

The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program.

Weaknesses

CWE-264: Permissions, Privileges, and Access Controls

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2014-04-27 00:55:05
(10 years ago)
Updated Date: 2023-04-16 15:15:56
(17 months ago)

Affected Products

Linux

Linux Kernel

Opensuse

Evergreen

Redhat

Suse

Configuration #1

		CPE23	From	Up To
	Linux Kernel 3.14.1 and prior versions	cpe:2.3:o:linux:linux_kernel		<= 3.14.1

Configuration #2

		CPE23	From	Up To
	Opensuse Evergreen 11.4	cpe:2.3:o:opensuse:evergreen:11.4
	Redhat Enterprise Linux Desktop 5	cpe:2.3:o:redhat:enterprise_linux_desktop:5
	Redhat Enterprise Linux Server 5.0	cpe:2.3:o:redhat:enterprise_linux_server:5.0
	Suse Linux Enterprise Real Time Extension 11 SP3	cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp3
	Suse Linux Enterprise Server 10 SP4	cpe:2.3:o:suse:linux_enterprise_server:10:sp4:::ltss
	Suse Linux Enterprise Server 11 SP1	cpe:2.3:o:suse:linux_enterprise_server:11:sp1:::ltss
	Suse Linux Enterprise Server 11	cpe:2.3:o:suse:suse_linux_enterprise_server:11