Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-0470

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2014-0470
Last Modified 18 Jul 2014 02:40:19
Published 30 Apr 2014 10:22:06
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2014-0470

Summary

super.c in Super 3.30.0 does not check the return value of the setuid function when the -F flag is set, which allows local users to gain privileges via unspecified vectors, aka an RLIMIT_NPROC attack.

Vulnerable Systems

Application

  • Super Project Super 3.30.0


References

MLIST - [oss-security] 20140428 super unchecked setuid (CVE-2014-0470)

DEBIAN - DSA-2917


Last Updated: 27 May 2016 11:05:08