Vulnerability Description
The pipe_init_terminal function in main.c in s3dvt allows local users to gain privileges by leveraging setuid permissions and usage of bash 4.3 and earlier. NOTE: This vulnerability exists because of an incomplete fix for CVE-2013-6876.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| S3Dvt Project | S3Dvt | <= 0.2.2 |
Related Weaknesses (CWE)
References
- http://hmarco.org/bugs/CVE-2014-1226-s3dvt_0.2.2-root-shell.htmlThird Party Advisory
- http://seclists.org/fulldisclosure/2014/Jun/12Mailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2014/06/03/13Mailing ListThird Party Advisory
- http://www.securityfocus.com/archive/1/532278/100/0/threaded
- http://hmarco.org/bugs/CVE-2014-1226-s3dvt_0.2.2-root-shell.htmlThird Party Advisory
- http://seclists.org/fulldisclosure/2014/Jun/12Mailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2014/06/03/13Mailing ListThird Party Advisory
- http://www.securityfocus.com/archive/1/532278/100/0/threaded
FAQ
What is CVE-2014-1226?
CVE-2014-1226 is a vulnerability with a CVSS score of 7.8 (HIGH). The pipe_init_terminal function in main.c in s3dvt allows local users to gain privileges by leveraging setuid permissions and usage of bash 4.3 and earlier. NOTE: This vulnerability exists because of...
How severe is CVE-2014-1226?
CVE-2014-1226 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-1226?
Check the references section above for vendor advisories and patch information. Affected products include: S3Dvt Project S3Dvt.