host-deny.sh in OSSEC before 2.8.1 writes to temporary files with predictable filenames without verifying ownership, which allows local users to modify access restrictions in hosts.deny and gain root privileges by creating the temporary files before automatic IP blocking is performed.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2014-12-02T01:00:00
Updated: 2024-08-06T11:41:47.953Z
Reserved: 2014-08-16T00:00:00
Link: CVE-2014-5284
Vulnrichment
No data.
NVD
Status : Modified
Published: 2014-12-02T01:59:04.763
Modified: 2024-11-21T02:11:47.170
Link: CVE-2014-5284
Redhat
No data.