CVE-2014-9273 — MEDIUM (4.6)

Q: What is CVE-2014-9273?

CVE-2014-9273 is a vulnerability with a CVSS score of 4.6 (MEDIUM). lib/handle.c in Hivex before 1.3.11 allows local users to execute arbitrary code and gain privileges via a small hive files, which triggers an out-of-bounds read or write.

Q: How severe is CVE-2014-9273?

CVE-2014-9273 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2014-9273?

Check the references section above for vendor advisories and patch information. Affected products include: Opensuse Opensuse, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Hpc Node, Redhat Enterprise Linux Server, Redhat Enterprise Linux Workstation.

Vulnerability Description

lib/handle.c in Hivex before 1.3.11 allows local users to execute arbitrary code and gain privileges via a small hive files, which triggers an out-of-bounds read or write.

CVSS Score

4.6

MEDIUM

AV:L/AC:L/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Opensuse	Opensuse	13.1
Redhat	Enterprise Linux Desktop	6.0
Redhat	Enterprise Linux Hpc Node	6.0
Redhat	Enterprise Linux Server	6.0
Redhat	Enterprise Linux Workstation	6.0
Debian	Hivex	<= 1.3.10-2

Related Weaknesses (CWE)

CWE-119

References

http://lists.opensuse.org/opensuse-updates/2015-02/msg00005.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-0301.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1378.htmlThird Party Advisory
http://secunia.com/advisories/62792
http://www.openwall.com/lists/oss-security/2014/11/25/6Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2014/12/04/14Mailing ListThird Party Advisory
http://www.securityfocus.com/bid/71279
https://bugzilla.redhat.com/show_bug.cgi?id=1167756Issue Tracking
https://github.com/libguestfs/hivex/commit/357f26fa64fd1d9ccac2331fe174a8ee9c607ExploitIssue TrackingPatch
https://github.com/libguestfs/hivex/commit/4bbdf555f88baeae0fa804a369a81a83908bdExploitIssue TrackingPatch
https://security.gentoo.org/glsa/201503-07
https://www.redhat.com/archives/libguestfs/2014-October/msg00235.htmlVendor Advisory
http://lists.opensuse.org/opensuse-updates/2015-02/msg00005.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-0301.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1378.htmlThird Party Advisory

FAQ

What is CVE-2014-9273?

CVE-2014-9273 is a vulnerability with a CVSS score of 4.6 (MEDIUM). lib/handle.c in Hivex before 1.3.11 allows local users to execute arbitrary code and gain privileges via a small hive files, which triggers an out-of-bounds read or write.

How severe is CVE-2014-9273?

CVE-2014-9273 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-9273?

Check the references section above for vendor advisories and patch information. Affected products include: Opensuse Opensuse, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Hpc Node, Redhat Enterprise Linux Server, Redhat Enterprise Linux Workstation.