Vulnerability Description
Icecast before 2.4.0 does not change the supplementary group privileges when <changeowner> is configured, which allows local users to gain privileges via unspecified vectors.
CVSS Score
4.6
MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Icecast | Icecast | <= 2.3.3 |
Related Weaknesses (CWE)
References
- http://icecast.org/news/icecast-release-2_4_0/Vendor Advisory
- http://lists.opensuse.org/opensuse-updates/2014-12/msg00037.html
- http://seclists.org/oss-sec/2014/q4/794
- http://seclists.org/oss-sec/2014/q4/802
- https://bugzilla.redhat.com/show_bug.cgi?id=1168146
- https://trac.xiph.org/changeset/19137/Exploit
- http://icecast.org/news/icecast-release-2_4_0/Vendor Advisory
- http://lists.opensuse.org/opensuse-updates/2014-12/msg00037.html
- http://seclists.org/oss-sec/2014/q4/794
- http://seclists.org/oss-sec/2014/q4/802
- https://bugzilla.redhat.com/show_bug.cgi?id=1168146
- https://trac.xiph.org/changeset/19137/Exploit
FAQ
What is CVE-2014-9091?
CVE-2014-9091 is a vulnerability with a CVSS score of 4.6 (MEDIUM). Icecast before 2.4.0 does not change the supplementary group privileges when <changeowner> is configured, which allows local users to gain privileges via unspecified vectors.
How severe is CVE-2014-9091?
CVE-2014-9091 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-9091?
Check the references section above for vendor advisories and patch information. Affected products include: Icecast Icecast.