Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-2209

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2014-2209
Last Modified 30 Dec 2014 10:28:45
Published 28 Dec 2014 10:59:01
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-2209

Summary

Facebook HipHop Virtual Machine (HHVM) before 3.1.0 does not drop supplemental group memberships within hphp/util/capability.cpp and hphp/util/light-process.cpp, which allows remote attackers to bypass intended access restrictions by leveraging group permissions for a file or directory.

Vulnerable Systems

Application

  • Facebook Hiphop Virtual Machine 3.0.1


References

CONFIRM - https://github.com/facebook/hhvm/commit/851fff90a9b7461df2393af32239ba217bc25946


Last Updated: 27 May 2016 11:07:22