Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2014-5284

host-deny.sh in OSSEC before 2.8.1 writes to temporary files with predictable filenames without verifying ownership, which allows local users to modify access restrictions in hosts.deny and gain root privileges by creating the temporary files before automatic IP blocking is performed.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.097
EPSS Ranking 92.5%
CVSS Severity
CVSS v2 Score 7.2
Products affected by CVE-2014-5284
  • Ossec » Ossec » Version: 0.8
    cpe:2.3:a:ossec:ossec:0.8
  • Ossec » Ossec » Version: 1.1.0
    cpe:2.3:a:ossec:ossec:1.1.0
  • Ossec » Ossec » Version: 2.5.0
    cpe:2.3:a:ossec:ossec:2.5.0
  • Ossec » Ossec » Version: 2.6.0
    cpe:2.3:a:ossec:ossec:2.6.0
  • Ossec » Ossec » Version: 2.7
    cpe:2.3:a:ossec:ossec:2.7
  • Ossec » Ossec » Version: 2.7.0
    cpe:2.3:a:ossec:ossec:2.7.0
  • Ossec » Ossec » Version: 2.7.1
    cpe:2.3:a:ossec:ossec:2.7.1
  • Ossec » Ossec » Version: 2.8.0
    cpe:2.3:a:ossec:ossec:2.8.0


Products
Pricing
Contact Us

Shodan ® - All rights reserved