NVD Vulnerability Detail

CVE-2014-4867

Summary	Cryoserver Security Appliance 7.3.x uses weak permissions for /etc/init.d/cryoserver, which allows local users to gain privileges by leveraging access to the support account and running the /bin/cryo-mgmt program.
Publication Date	Oct. 10, 2014, 7:55 p.m.
Registration Date	Jan. 26, 2021, 3:13 p.m.
Last Update	Nov. 21, 2024, 11:11 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:cryoserver:cryoserver_security_appliance:7.3.0:::::::*
cpe:2.3:a:cryoserver:cryoserver_security_appliance:7.3.2:::::::*
cpe:2.3:a:cryoserver:cryoserver_security_appliance:7.3.3:::::::*
cpe:2.3:a:cryoserver:cryoserver_security_appliance:7.3.1:::::::*
cpe:2.3:a:cryoserver:cryoserver_security_appliance:7.3.1:a::::::
cpe:2.3:a:cryoserver:cryoserver_security_appliance:7.3.0:a::::::
cpe:2.3:a:cryoserver:cryoserver_security_appliance:7.3.4:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://www.kb.cert.org/vuls/id/280844		Third Party Advisory US Government Resource
2	http://www.kb.cert.org/vuls/id/280844		Third Party Advisory US Government Resource

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-264	認可・権限・アクセス制御	https://cwe.mitre.org/data/definitions/264.html

JVN Vulnerability Information

Cryoserver における権限昇格の脆弱性

Title	Cryoserver における権限昇格の脆弱性
Summary	Cryoserver には、権限昇格の脆弱性が存在します。 Cryoserver には、/etc/init.d/cryoserver へのパーミッションを適切に設定していないため、権限昇格の脆弱性 (CWE-264) が存在します。 CWE-264: Permissions, Privileges, and Access Controls http://cwe.mitre.org/data/definitions/264.html
Possible impacts	第三者によって、root 権限を取得される可能性があります。
Solution	2014年10月9日現在、対策方法は不明です。
Publication Date	Oct. 7, 2014, midnight
Registration Date	Oct. 10, 2014, 11:54 a.m.
Last Update	Oct. 21, 2014, 3:03 p.m.

Affected System

Cryoserver FCS (UK) Limited.

Cryoserver バージョン 7.3.x

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2014-4867	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4867
National Vulnerability Database (NVD)
2	CVE-2014-4867	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4867

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-264	https://jvndb.jvn.jp/ja/cwe/CWE-264.html

ベンダー情報

No	Name	URL
Cryoserver FCS (UK) Limited.
1	Cryoserver Email Archiving Appliance	http://www.cryoserver.com/appliance/

その他

No	Name	URL
JVN
1	JVNVU#99271186	https://jvn.jp/vu/JVNVU99271186/index.html
US-CERT Vulnerability Note
2	VU#280844	http://www.kb.cert.org/vuls/id/280844

Change Log

No	Changed Details	Date of change
0	[2014年10月10日] 掲載 [2014年10月21日] 参考情報：National Vulnerability Database (NVD) (CVE-2014-4867) を追加	Feb. 17, 2018, 10:37 a.m.

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:cryoserver:cryoserver_security_appliance:7.3.0:::::::*
cpe:2.3:a:cryoserver:cryoserver_security_appliance:7.3.2:::::::*
cpe:2.3:a:cryoserver:cryoserver_security_appliance:7.3.3:::::::*
cpe:2.3:a:cryoserver:cryoserver_security_appliance:7.3.1:::::::*
cpe:2.3:a:cryoserver:cryoserver_security_appliance:7.3.1:a::::::
cpe:2.3:a:cryoserver:cryoserver_security_appliance:7.3.0:a::::::
cpe:2.3:a:cryoserver:cryoserver_security_appliance:7.3.4:::::::*