Main Vulnerability Database Exploits ID:4059 - Exploit for Permissions, Privileges, and Access Controls in Linux kernel - CVE-2014-5207

ID:4059 - Exploit for Permissions, Privileges, and Access Controls in Linux kernel - CVE-2014-5207

Published: August 11, 2020

Vulnerability identifier: #VU41395

Vulnerability risk: Low

CVE-ID: CVE-2014-5207

CWE-ID: CWE-264

Exploitation vector: Local access

Vulnerable software:
Linux kernel

Link to public exploit:

https://www.exploit-db.com/exploits/34923/

Vulnerability description

The vulnerability allows a local #AU# to execute arbitrary code.

fs/namespace.c in the Linux kernel through 3.16.1 does not properly restrict clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing MNT_ATIME_MASK during a remount of a bind mount, which allows local users to gain privileges, interfere with backups and auditing on systems that had atime enabled, or cause a denial of service (excessive filesystem updating) on systems that had atime disabled via a "mount -o remount" command within a user namespace.

Remediation

Install update from vendor's website.

ID:4059 - Exploit for Permissions, Privileges, and Access Controls in Linux kernel - CVE-2014-5207

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human