Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-8165

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2014-8165
Last Modified 20 Feb 2015 07:04:05
Published 19 Feb 2015 10:59:05
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-8165

Summary

scripts/amsvis/powerpcAMS/amsnet.py in powerpc-utils-python uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object.

Vulnerable Systems

Application

  • Powerpc-utils Project Powerpc-utils -


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=1073139

XF - powerpcutils-cve20148165-code-exec(100788)

BID - 72537

MLIST - [oss-security] 20150209 CVE-2014-8165: remote code execution in powerpc-utils-python

MLIST - [Powerpc-utils-devel] 20140930 [RFC PATCH] amsvis/amsnet: Replace pickle with json


Last Updated: 27 May 2016 11:07:54