CVE-2014-8119 - OpenCVE

The find_ifcfg_path function in netcf before 0.2.7 might allow attackers to cause a denial of service (application crash) via vectors involving augeas path expressions.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Netcf Project	Netcf
Redhat	Enterprise Linux
Fedoraproject	Fedora

Configuration 1 [-]

OR	cpe:2.3:o:fedoraproject:fedora:20:::::::*
	cpe:2.3:o:fedoraproject:fedora:21:::::::*
	cpe:2.3:o:fedoraproject:fedora:22:::::::*
	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*

Configuration 2 [-]

cpe:2.3:a:netcf_project:netcf:*:*:*:*:*:*:*:*

References

Link	Resource
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156571.html	Issue Tracking Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157508.html	Issue Tracking Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157713.html	Issue Tracking Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-2248.html	Issue Tracking Third Party Advisory
http://www.securityfocus.com/bid/78046	Third Party Advisory VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1172176	Issue Tracking Third Party Advisory
https://pagure.io/netcf/blob/050b05c880a6b343baf86780d94764b1aafece37/f/NEWS	Issue Tracking Release Notes Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2017-12-29T22:00:00

Updated: 2017-12-29T21:57:01

Reserved: 2014-10-10T00:00:00

Link: CVE-2014-8119

JSON object: View

NVD Information

Status : Analyzed

Published: 2017-12-29T22:29:00.473

Modified: 2019-04-22T17:48:00.643

Link: CVE-2014-8119

JSON object: View

Redhat Information

No data.

CWE

CWE-20

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-03-30T00:00:00", "descriptions": [{"lang": "en", "value": "The find_ifcfg_path function in netcf before 0.2.7 might allow attackers to cause a denial of service (application crash) via vectors involving augeas path expressions."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-12-29T21:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "FEDORA-2015-5910", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157508.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1172176"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://pagure.io/netcf/blob/050b05c880a6b343baf86780d94764b1aafece37/f/NEWS"}, {"name": "FEDORA-2015-5885", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156571.html"}, {"name": "FEDORA-2015-5872", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157713.html"}, {"name": "RHSA-2015:2248", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-2248.html"}, {"name": "78046", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/78046"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-8119", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The find_ifcfg_path function in netcf before 0.2.7 might allow attackers to cause a denial of service (application crash) via vectors involving augeas path expressions."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "FEDORA-2015-5910", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157508.html"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1172176", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1172176"}, {"name": "https://pagure.io/netcf/blob/050b05c880a6b343baf86780d94764b1aafece37/f/NEWS", "refsource": "CONFIRM", "url": "https://pagure.io/netcf/blob/050b05c880a6b343baf86780d94764b1aafece37/f/NEWS"}, {"name": "FEDORA-2015-5885", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156571.html"}, {"name": "FEDORA-2015-5872", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157713.html"}, {"name": "RHSA-2015:2248", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-2248.html"}, {"name": "78046", "refsource": "BID", "url": "http://www.securityfocus.com/bid/78046"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-8119", "datePublished": "2017-12-29T22:00:00", "dateReserved": "2014-10-10T00:00:00", "dateUpdated": "2017-12-29T21:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "matchCriteriaId": "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netcf_project:netcf:*:*:*:*:*:*:*:*", "matchCriteriaId": "A6B48069-7854-4A5E-B3FB-BA37D429DA77", "versionEndIncluding": "0.2.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The find_ifcfg_path function in netcf before 0.2.7 might allow attackers to cause a denial of service (application crash) via vectors involving augeas path expressions."}, {"lang": "es", "value": "La funci\u00f3n find_ifcfg_path en netcf en versiones anteriores a la 0.2.7 podr\u00eda permitir que atacantes provoquen una denegaci\u00f3n de servicio (cierre inesperado de la aplicaci\u00f3n) mediante vectores que implican expresiones de ruta de augeas."}], "id": "CVE-2014-8119", "lastModified": "2019-04-22T17:48:00.643", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-12-29T22:29:00.473", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156571.html"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157508.html"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157713.html"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-2248.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/78046"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1172176"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Release Notes", "Third Party Advisory"], "url": "https://pagure.io/netcf/blob/050b05c880a6b343baf86780d94764b1aafece37/f/NEWS"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}