CVE-2014-7272 - OpenCVE

Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to gain root privileges because code running as root performs write operations within a user home directory, and this user may have created links in advance (exploitation requires the user to win a race condition in the ~/.Xauthority chown case, but not other cases).

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Sddm Project	Sddm
Fedoraproject	Fedora

Configuration 1 [-]

cpe:2.3:a:sddm_project:sddm:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:fedoraproject:fedora:20:::::::*
	cpe:2.3:o:fedoraproject:fedora:21:::::::*

References

Link	Resource
http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141494.html	Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141550.html	Third Party Advisory
http://www.openwall.com/lists/oss-security/2014/10/06/4	Mailing List Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1149610	Issue Tracking
https://github.com/sddm/sddm/pull/280	Patch

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2018-03-08T20:00:00

Updated: 2018-03-08T19:57:01

Reserved: 2014-10-01T00:00:00

Link: CVE-2014-7272

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-03-08T20:29:00.300

Modified: 2018-03-27T23:50:43.917

Link: CVE-2014-7272

JSON object: View

Redhat Information

No data.

CWE

CWE-264

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-10-06T00:00:00", "descriptions": [{"lang": "en", "value": "Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to gain root privileges because code running as root performs write operations within a user home directory, and this user may have created links in advance (exploitation requires the user to win a race condition in the ~/.Xauthority chown case, but not other cases)."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-03-08T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/sddm/sddm/pull/280"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1149610"}, {"name": "FEDORA-2014-12442", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141550.html"}, {"name": "FEDORA-2014-12308", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141494.html"}, {"name": "[oss-security] 20141006 Re: various sddm vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2014/10/06/4"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-7272", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to gain root privileges because code running as root performs write operations within a user home directory, and this user may have created links in advance (exploitation requires the user to win a race condition in the ~/.Xauthority chown case, but not other cases)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/sddm/sddm/pull/280", "refsource": "CONFIRM", "url": "https://github.com/sddm/sddm/pull/280"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1149610", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1149610"}, {"name": "FEDORA-2014-12442", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141550.html"}, {"name": "FEDORA-2014-12308", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141494.html"}, {"name": "[oss-security] 20141006 Re: various sddm vulnerabilities", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/10/06/4"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-7272", "datePublished": "2018-03-08T20:00:00", "dateReserved": "2014-10-01T00:00:00", "dateUpdated": "2018-03-08T19:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sddm_project:sddm:*:*:*:*:*:*:*:*", "matchCriteriaId": "34DDC8C0-36AE-441B-AAC1-113EF98F19AA", "versionEndExcluding": "0.10.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "matchCriteriaId": "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to gain root privileges because code running as root performs write operations within a user home directory, and this user may have created links in advance (exploitation requires the user to win a race condition in the ~/.Xauthority chown case, but not other cases)."}, {"lang": "es", "value": "Simple Desktop Display Manager (SDDM), en versiones anteriores a la 0.10.0, permite que los usuarios locales obtengan privilegios root, ya que la ejecuci\u00f3n de c\u00f3digo como root realiza operaciones de escritura en un directorio de inicio del usuario y dicho usuario podr\u00eda haber creado enlaces anteriormente (su explotaci\u00f3n requiere que el usuario explote previamente una condici\u00f3n de carrera en ~/.Xauthority con los permisos adecuados. Nunca en otros casos)."}], "id": "CVE-2014-7272", "lastModified": "2018-03-27T23:50:43.917", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-03-08T20:29:00.300", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141494.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141550.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2014/10/06/4"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1149610"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/sddm/sddm/pull/280"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}