CVE-2014-3215 — Privilege Context Switching Error in Policycoreutils

CWE-264 CWE-270 — Privilege Context Switching Error5 documents5 sources

Severity

6.9MEDIUMNVD

EPSS

0.1%

top 78.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Selinuxproject Policycoreutils Debian Policycoreutils

Timeline

PublishedMay 8

Latest updateMay 14

Description

seunshare in policycoreutils 2.2.5 is owned by root with 4755 permissions, and executes programs in a way that changes the relationship between the setuid system call and the getresuid saved set-user-ID value, which makes it easier for local users to gain privileges by leveraging a program that mistakenly expected that it could permanently drop privileges.

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages2 packages

▶debiandebian/policycoreutils

▶NVDselinuxproject/policycoreutils2.2.5

🔴Vulnerability Details

GHSA

GHSA-h57c-m953-4q5h: seunshare in policycoreutils 2↗2022-05-14

▶

📋Vendor Advisories

Debian

CVE-2014-3215: policycoreutils - seunshare in policycoreutils 2.2.5 is owned by root with 4755 permissions, and e...↗2014

▶

Red Hat

policycoreutils: local privilege escalation via seunshare↗2012-12-08

▶

💬Community

Bugzilla

CVE-2014-3215 policycoreutils: local privilege escalation via seunshare↗2014-05-08

▶