CVE-2014-1425

cmanager 0.32 does not properly enforce nesting when modifying cgroup properties, which allows local users to set cgroup values for all cgroups via unspecified vectors.

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.ubuntu.com/usn/USN-2451-1	Vendor Advisory
http://www.ubuntu.com/usn/USN-2451-1	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:linuxcontainers:cgmanager:0.32:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:14.10:::::::*

History

21 Nov 2024, 02:04

Type	Values Removed	Values Added
References	~~() http://www.ubuntu.com/usn/USN-2451-1 - Vendor Advisory~~	() http://www.ubuntu.com/usn/USN-2451-1 - Vendor Advisory

Information

Published : 2015-01-07 19:59

Updated : 2025-04-12 10:46

NVD link : CVE-2014-1425

Mitre link : CVE-2014-1425

CVE.ORG link : CVE-2014-1425

JSON object : View

Products Affected

canonical

ubuntu_linux

linuxcontainers

cgmanager

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2014-1425", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-01-07T19:59:00.057", "references": [{"url": "http://www.ubuntu.com/usn/USN-2451-1", "tags": ["Vendor Advisory"], "source": "security@ubuntu.com"}, {"url": "http://www.ubuntu.com/usn/USN-2451-1", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "cmanager 0.32 does not properly enforce nesting when modifying cgroup properties, which allows local users to set cgroup values for all cgroups via unspecified vectors."}, {"lang": "es", "value": "cmanager 0.32 no fuerza correctamente el anidado cuando modifique las propiedades cgroup, lo que permite a usuarios locales configurar los valores cgroup para todos los cgroups a trav\u00e9s de vectores no especificados."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:linuxcontainers:cgmanager:0.32:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CEB0EECE-2A87-4605-9050-106CA7CBBDBA"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49A63F39-30BE-443F-AF10-6245587D3359"}], "operator": "OR"}]}], "sourceIdentifier": "security@ubuntu.com"}

2.1 /10