Wind River Support Network

HomeDefectsLIN6-8876
Fixed

LIN6-8876 : Security Advisory - linux - CVE-2014-8989

Created: Dec 1, 2014    Updated: Dec 3, 2018
Resolved Date: Feb 10, 2015
Found In Version: 6.0.0.13
Fix Version: 6.0.0.18
Severity: Standard
Applicable for: Wind River Linux 6
Component/s: Kernel

Description

The Linux kernel through 3.17.4 does not properly restrict dropping of supplemental group memberships in certain namespace scenarios, which allows local users to bypass intended file permissions by leveraging a POSIX ACL containing an entry for the group category that is more restrictive than the entry for the other category, aka a negative groups issue, related to kernel/groups.c, kernel/uid16.c, and kernel/user_namespace.c.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8989

Other Downloads


Live chat
Online