Vulnerability Details CVE-2014-3980
libfep 0.0.5 before 0.1.0 does not properly use UNIX domain sockets in the abstract namespace, which allows local users to gain privileges via unspecified vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 17.7%
CVSS Severity
CVSS v2 Score 4.6
References
- http://www.openwall.com/lists/oss-security/2014/06/05/16
- http://www.openwall.com/lists/oss-security/2014/06/06/11
- http://www.securityfocus.com/bid/67903
- https://github.com/ueno/libfep/commit/293d9d3f
- http://www.openwall.com/lists/oss-security/2014/06/05/16
- http://www.openwall.com/lists/oss-security/2014/06/06/11
- http://www.securityfocus.com/bid/67903
- https://github.com/ueno/libfep/commit/293d9d3f
Products affected by CVE-2014-3980
-
cpe:2.3:a:daiki_ueno:libfep:0.0.5
-
cpe:2.3:a:daiki_ueno:libfep:0.0.6
-
cpe:2.3:a:daiki_ueno:libfep:0.0.7
-
cpe:2.3:a:daiki_ueno:libfep:0.0.8
-
cpe:2.3:a:daiki_ueno:libfep:0.0.9