{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-09-30T00:00:00", "descriptions": [{"lang": "en", "value": "scripts/amsvis/powerpcAMS/amsnet.py in powerpc-utils-python uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-01-04T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[oss-security] 20150209 CVE-2014-8165: remote code execution in powerpc-utils-python", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/02/09/4"}, {"name": "[Powerpc-utils-devel] 20140930 [RFC PATCH] amsvis/amsnet: Replace pickle with json", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://sourceforge.net/p/powerpc-utils/mailman/message/32884230/"}, {"name": "powerpcutils-cve20148165-code-exec(100788)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100788"}, {"name": "RHSA-2016:2607", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2607.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1073139"}, {"name": "72537", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/72537"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T13:10:51.113Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20150209 CVE-2014-8165: remote code execution in powerpc-utils-python", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2015/02/09/4"}, {"name": "[Powerpc-utils-devel] 20140930 [RFC PATCH] amsvis/amsnet: Replace pickle with json", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://sourceforge.net/p/powerpc-utils/mailman/message/32884230/"}, {"name": "powerpcutils-cve20148165-code-exec(100788)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100788"}, {"name": "RHSA-2016:2607", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2607.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1073139"}, {"name": "72537", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/72537"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-8165", "datePublished": "2015-02-19T15:00:00", "dateReserved": "2014-10-10T00:00:00", "dateUpdated": "2024-08-06T13:10:51.113Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:powerpc-utils_project:powerpc-utils:-:*:*:*:*:*:*:*", "matchCriteriaId": "D80096C2-CE49-416F-AC36-F01A81CB27C2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "scripts/amsvis/powerpcAMS/amsnet.py in powerpc-utils-python uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object."}, {"lang": "es", "value": "scripts/amsvis/powerpcAMS/amsnet.py en powerpc-utils-python utiliza el m\u00f3dulo pickle Python de forma insegura, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un objeto serializado manipulado."}], "id": "CVE-2014-8165", "lastModified": "2024-11-21T02:18:41.710", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-02-19T15:59:05.237", "references": [{"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2016-2607.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://sourceforge.net/p/powerpc-utils/mailman/message/32884230/"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2015/02/09/4"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/72537"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1073139"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100788"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2016-2607.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://sourceforge.net/p/powerpc-utils/mailman/message/32884230/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2015/02/09/4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/72537"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1073139"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100788"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-345"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "This issue was discovered by Dhiru Kholia (Red Hat Product Security).", "affected_release": [{"advisory": "RHSA-2016:2607", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "powerpc-utils-python-0:1.2.1-9.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2016-11-03T00:00:00Z"}], "bugzilla": {"description": "powerpc-utils-python: arbitrary code execution due to unpickling untrusted input", "id": "1073139", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1073139"}, "csaw": false, "cvss": {"cvss_base_score": "6.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "status": "verified"}, "cwe": "CWE-502", "details": ["scripts/amsvis/powerpcAMS/amsnet.py in powerpc-utils-python uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object.", "It was found that the amsvis command of the powerpc-utils-python package did not verify unpickled data before processing it. This could allow an attacker who can connect to an amsvis server process (or cause an amsvis client process to connect to them) to execute arbitrary code as the user running the amsvis process."], "name": "CVE-2014-8165", "public_date": "2014-09-30T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-8165\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8165"], "statement": "This issue affects the versions of powerpc-utils-python as shipped with Red Hat Enterprise Linux 7 for Power. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Moderate"}