The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
16 Apr 2023, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2014-04-27 00:55
Updated : 2024-02-04 18:35
NVD link : CVE-2014-0181
Mitre link : CVE-2014-0181
CVE.ORG link : CVE-2014-0181
JSON object : View
Products Affected
redhat
- enterprise_linux_server
- enterprise_linux_desktop
suse
- suse_linux_enterprise_server
- linux_enterprise_real_time_extension
- linux_enterprise_server
opensuse
- evergreen
linux
- linux_kernel
CWE
CWE-264
Permissions, Privileges, and Access Controls