CVE-2014-3980 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2014-3980

CWE

https://cwe.mitre.org/data/definitions/264.html

libfep 0.0.5 before 0.1.0 does not properly use UNIX domain sockets in the abstract namespace, which allows local users to gain privileges via unspecified vectors.

Affected Software

Name	Vendor	Start Version	End Version
Libfep	Daiki_ueno	0.0.5 (including)	0.0.5 (including)
Libfep	Daiki_ueno	0.0.6 (including)	0.0.6 (including)
Libfep	Daiki_ueno	0.0.7 (including)	0.0.7 (including)
Libfep	Daiki_ueno	0.0.8 (including)	0.0.8 (including)
Libfep	Daiki_ueno	0.0.9 (including)	0.0.9 (including)

References

http://www.openwall.com/lists/oss-security/2014/06/05/16
http://www.openwall.com/lists/oss-security/2014/06/06/11
http://www.securityfocus.com/bid/67903
https://github.com/ueno/libfep/commit/293d9d3f