Executive Summary

Informations
Name CVE-2014-4043 First vendor Publication 2014-10-06
Vendor Cve Last vendor Modification 2023-11-07

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4043

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-94 Failure to Control Generation of Code ('Code Injection')

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:25541
 
Oval ID: oval:org.mitre.oval:def:25541
Title: SUSE-SU-2014:0920-1 -- Security update for glibc
Description: glibc has been updated to fix one security issue that could have resulted in free-after-use situations.
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0920-1
CVE-2014-4043
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Product(s): glibc
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26211
 
Oval ID: oval:org.mitre.oval:def:26211
Title: USN-2306-1 -- eglibc vulnerabilities
Description: Several security issues were fixed in the GNU C Library.
Family: unix Class: patch
Reference(s): USN-2306-1
CVE-2013-4357
CVE-2013-4458
CVE-2014-0475
CVE-2014-4043
Version: 3
Platform(s): Ubuntu 14.04
Ubuntu 12.04
Ubuntu 10.04
Product(s): eglibc
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26402
 
Oval ID: oval:org.mitre.oval:def:26402
Title: USN-2306-2 -- eglibc regression
Description: USN-2306-1 introduced a regression in the GNU C Library.
Family: unix Class: patch
Reference(s): USN-2306-2
CVE-2013-4357
CVE-2013-4458
CVE-2014-0475
CVE-2014-4043
Version: 3
Platform(s): Ubuntu 10.04
Product(s): eglibc
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26728
 
Oval ID: oval:org.mitre.oval:def:26728
Title: USN-2306-3 -- eglibc regression
Description: USN-2306-1 introduced a regression in the GNU C Library.
Family: unix Class: patch
Reference(s): USN-2306-3
CVE-2013-4357
CVE-2013-4458
CVE-2014-0475
CVE-2014-4043
Version: 3
Platform(s): Ubuntu 10.04
Product(s): eglibc
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 114
Os 1

Nessus® Vulnerability Scanner

Date Description
2015-08-17 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2015-544.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-1122-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-1128-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-0167-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-0170-1.nasl - Type : ACT_GATHER_INFO
2015-03-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2015-168.nasl - Type : ACT_GATHER_INFO
2015-03-26 Name : The remote Debian host is missing a security update.
File : debian_DLA-165.nasl - Type : ACT_GATHER_INFO
2015-03-09 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201503-04.nasl - Type : ACT_GATHER_INFO
2015-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3169.nasl - Type : ACT_GATHER_INFO
2014-10-24 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2014-296-01.nasl - Type : ACT_GATHER_INFO
2014-09-09 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2306-3.nasl - Type : ACT_GATHER_INFO
2014-08-29 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2328-1.nasl - Type : ACT_GATHER_INFO
2014-08-07 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-152.nasl - Type : ACT_GATHER_INFO
2014-08-06 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2306-2.nasl - Type : ACT_GATHER_INFO
2014-08-05 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2306-1.nasl - Type : ACT_GATHER_INFO
2014-07-20 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_glibc-140701.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=blobdiff%3Bf=ChangeLog%...
https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=blobdiff%3Bf=posix/spaw...
https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=89e435f3559c53084498e9b...
Source Url
BID http://www.securityfocus.com/bid/68006
BUGTRAQ https://seclists.org/bugtraq/2019/Jun/14
https://seclists.org/bugtraq/2019/Sep/7
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1109263
https://sourceware.org/bugzilla/show_bug.cgi?id=17048
FULLDISC http://seclists.org/fulldisclosure/2019/Jun/18
http://seclists.org/fulldisclosure/2019/Sep/7
GENTOO https://security.gentoo.org/glsa/201503-04
MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2014:152
MISC http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switc...
http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credential...
SUSE http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00012.html
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/93784

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
Date Informations
2023-11-07 21:45:18
  • Multiple Updates
2021-05-04 12:33:14
  • Multiple Updates
2021-04-22 01:39:45
  • Multiple Updates
2020-12-11 01:11:28
  • Multiple Updates
2020-05-24 01:14:02
  • Multiple Updates
2020-05-23 01:52:22
  • Multiple Updates
2020-05-23 00:41:19
  • Multiple Updates
2019-09-10 12:06:31
  • Multiple Updates
2019-06-14 05:20:26
  • Multiple Updates
2019-06-13 21:19:22
  • Multiple Updates
2019-06-13 13:19:23
  • Multiple Updates
2019-03-07 12:06:12
  • Multiple Updates
2018-10-31 00:20:38
  • Multiple Updates
2018-05-25 12:05:36
  • Multiple Updates
2018-01-26 12:05:36
  • Multiple Updates
2017-12-15 12:02:30
  • Multiple Updates
2017-08-29 09:24:35
  • Multiple Updates
2017-07-01 09:23:11
  • Multiple Updates
2016-06-29 00:36:25
  • Multiple Updates
2016-04-06 17:23:51
  • Multiple Updates
2015-09-03 05:33:55
  • Multiple Updates
2015-09-03 00:25:02
  • Multiple Updates
2015-09-02 21:26:24
  • Multiple Updates
2015-09-02 17:35:28
  • Multiple Updates
2015-09-02 13:39:47
  • Multiple Updates
2015-09-02 09:32:25
  • Multiple Updates
2015-09-02 05:28:04
  • Multiple Updates
2015-09-02 00:23:40
  • Multiple Updates
2015-09-01 21:24:23
  • Multiple Updates
2015-09-01 17:36:30
  • Multiple Updates
2015-09-01 13:37:30
  • Multiple Updates
2015-09-01 09:28:07
  • Multiple Updates
2015-09-01 05:32:43
  • Multiple Updates
2015-09-01 00:29:24
  • Multiple Updates
2015-08-31 21:28:45
  • Multiple Updates
2015-08-31 17:35:15
  • Multiple Updates
2015-08-31 13:29:52
  • Multiple Updates
2015-08-31 09:19:58
  • Multiple Updates
2015-08-31 00:27:01
  • Multiple Updates
2015-08-30 21:27:32
  • Multiple Updates
2015-08-30 17:33:28
  • Multiple Updates
2015-08-30 13:37:12
  • Multiple Updates
2015-08-30 05:27:48
  • Multiple Updates
2015-08-30 00:37:10
  • Multiple Updates
2015-08-29 21:26:46
  • Multiple Updates
2015-08-29 17:24:50
  • Multiple Updates
2015-08-29 13:34:05
  • Multiple Updates
2015-08-29 09:25:56
  • Multiple Updates
2015-08-29 05:32:02
  • Multiple Updates
2015-08-29 00:23:01
  • Multiple Updates
2015-08-28 21:24:32
  • Multiple Updates
2015-08-28 17:27:48
  • Multiple Updates
2015-08-28 13:30:20
  • Multiple Updates
2015-08-28 09:28:31
  • Multiple Updates
2015-08-28 05:28:07
  • Multiple Updates
2015-08-28 00:26:48
  • Multiple Updates
2015-08-27 21:27:56
  • Multiple Updates
2015-08-27 17:38:15
  • Multiple Updates
2015-08-27 09:26:17
  • Multiple Updates
2015-08-27 05:31:59
  • Multiple Updates
2015-08-27 00:23:04
  • Multiple Updates
2015-08-26 21:28:53
  • Multiple Updates
2015-08-26 17:34:03
  • Multiple Updates
2015-08-26 13:35:28
  • Multiple Updates
2015-08-26 09:29:54
  • Multiple Updates
2015-08-18 13:34:52
  • Multiple Updates
2015-05-21 13:31:25
  • Multiple Updates
2015-03-31 13:28:37
  • Multiple Updates
2015-03-27 13:28:20
  • Multiple Updates
2015-03-10 13:24:59
  • Multiple Updates
2015-02-25 13:24:07
  • Multiple Updates
2014-10-25 13:25:28
  • Multiple Updates
2014-10-16 13:26:21
  • Multiple Updates
2014-10-08 09:23:58
  • Multiple Updates
2014-10-07 21:28:13
  • First insertion