CVE-2014-5284

Published: Dec 2, 2014Modified: May 6, 2026

7.2

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 3.9 / Impact: 10.0

Source: NVD

Description

host-deny.sh in OSSEC before 2.8.1 writes to temporary files with predictable filenames without verifying ownership, which allows local users to modify access restrictions in hosts.deny and gain root privileges by creating the temporary files before automatic IP blocking is performed.

Affected (1)

Products: Ossec: Ossec

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ossec Ossec	Up to 2.8.0

Related CWEs

References (6)

http://packetstormsecurity.com/files/129111/OSSEC-2.8-Privilege-Escalation.html

Source: cve@mitre.org

Exploit

http://www.exploit-db.com/exploits/35234

Source: cve@mitre.org

Exploit

https://github.com/ossec/ossec-hids/releases/tag/2.8.1

Source: cve@mitre.org

PatchVendor Advisory

http://packetstormsecurity.com/files/129111/OSSEC-2.8-Privilege-Escalation.html

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.exploit-db.com/exploits/35234

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://github.com/ossec/ossec-hids/releases/tag/2.8.1

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.