NVD Vulnerability Detail

CVE-2014-3519

Summary	The open_by_handle_at function in vzkernel before 042stab090.5 in the OpenVZ modification for the Linux kernel 2.6.32, when using simfs, might allow local container users with CAP_DAC_READ_SEARCH capability to bypass an intended container protection mechanism and access arbitrary files on a filesystem via vectors related to use of the file_handle structure.
Publication Date	Feb. 2, 2018, 2:29 a.m.
Registration Date	Jan. 26, 2021, 3:10 p.m.
Last Update	Nov. 21, 2024, 11:08 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:o:openvz:vzkernel:2.6.32:::::::*

Related information, measures and tools

No	URL	タグ
1	http://www.openwall.com/lists/oss-security/2014/06/24/16	Mailing List Mitigation Third Party Advisory
2	http://www.openwall.com/lists/oss-security/2014/06/24/16	Mailing List Mitigation Third Party Advisory
3	http://www.securityfocus.com/bid/68171	Third Party Advisory VDB Entry
4	http://www.securityfocus.com/bid/68171	Third Party Advisory VDB Entry
5	https://help.virtuozzo.com/customer/en/portal/articles/2522783-parallels-cloud-server-6-0-update-6-hotfix-8-6-0-6-2004-	Release Notes Vendor Advisory
6	https://help.virtuozzo.com/customer/en/portal/articles/2522783-parallels-cloud-server-6-0-update-6-hotfix-8-6-0-6-2004-	Release Notes Vendor Advisory
7	https://help.virtuozzo.com/customer/en/portal/articles/2563842-cu-2-6-32-042stab090-5-parallels-virtuozzo-containers-4-7-core-update	Release Notes Vendor Advisory
8	https://help.virtuozzo.com/customer/en/portal/articles/2563842-cu-2-6-32-042stab090-5-parallels-virtuozzo-containers-4-7-core-update	Release Notes Vendor Advisory
9	https://help.virtuozzo.com/customer/en/portal/articles/2563843-cu-2-6-32-042stab090-5-parallels-server-bare-metal-5-0-core-update	Release Notes Vendor Advisory
10	https://help.virtuozzo.com/customer/en/portal/articles/2563843-cu-2-6-32-042stab090-5-parallels-server-bare-metal-5-0-core-update	Release Notes Vendor Advisory
11	https://openvz.org/Download/kernel/rhel6/042stab090.5	Patch Release Notes Vendor Advisory
12	https://openvz.org/Download/kernel/rhel6/042stab090.5	Patch Release Notes Vendor Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-284	不適切なアクセス制御	https://cwe.mitre.org/data/definitions/284.html

JVN Vulnerability Information

Linux Kernel 用 OpenVZ modification の vzkernel におけるアクセス制御に関する脆弱性

Title	Linux Kernel 用 OpenVZ modification の vzkernel におけるアクセス制御に関する脆弱性
Summary	Linux Kernel 用 OpenVZ modification の vzkernel には、アクセス制御に関する脆弱性が存在します。
Possible impacts	情報を取得される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	June 24, 2014, midnight
Registration Date	March 13, 2018, 6:05 p.m.
Last Update	March 13, 2018, 6:05 p.m.

Affected System

OpenVZ

vzkernel 042stab090.5 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2014-3519	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3519
National Vulnerability Database (NVD)
2	CVE-2014-3519	https://nvd.nist.gov/vuln/detail/CVE-2014-3519

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-284	https://cwe.mitre.org/data/definitions/284.html

ベンダー情報

No	Name	URL
OpenVZ
1	CU-2.6.32-042stab090.5 Parallels Server Bare Metal 5.0 Core Update	https://help.virtuozzo.com/customer/en/portal/articles/2563843-cu-2-6-32-042stab090-5-parallels-server-bare-metal-5-0-core-update
2	CU-2.6.32-042stab090.5 Parallels Virtuozzo Containers 4.7 Core Update	https://help.virtuozzo.com/customer/en/portal/articles/2563842-cu-2-6-32-042stab090-5-parallels-virtuozzo-containers-4-7-core-update
3	Download/kernel/rhel6/042stab090.5	https://openvz.org/Download/kernel/rhel6/042stab090.5
4	Parallels Cloud Server 6.0 Update 6 Hotfix 8 (6.0.6-2004)	https://help.virtuozzo.com/customer/en/portal/articles/2522783-parallels-cloud-server-6-0-update-6-hotfix-8-6-0-6-2004-

Change Log

No	Changed Details	Date of change
1	[2018年03月13日] 掲載	March 13, 2018, 6:05 p.m.