CVE-2014-5207

fs/namespace.c in the Linux kernel through 3.16.1 does not properly restrict clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing MNT_ATIME_MASK during a remount of a bind mount, which allows local users to gain privileges, interfere with backups and auditing on systems that had atime enabled, or cause a denial of service (excessive filesystem updating) on systems that had atime disabled via a mount -o remount command within a user namespace.

Weakness

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Affected Software

Potential Mitigations

Related Attack Patterns

• https://cwe.mitre.org/data/definitions/122.html
• https://cwe.mitre.org/data/definitions/233.html
• https://cwe.mitre.org/data/definitions/58.html

References

• http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9566d6742852c527bf5af38af5cbb878dad75705
• http://osvdb.org/show/osvdb/110055
• http://packetstormsecurity.com/files/128595/Linux-Kernel-3.16.1-FUSE-Privilege-Escalation.html
• http://seclists.org/oss-sec/2014/q3/352
• http://www.exploit-db.com/exploits/34923
• http://www.openwall.com/lists/oss-security/2014/08/13/4
• http://www.securityfocus.com/bid/69216
• http://www.ubuntu.com/usn/USN-2317-1
• http://www.ubuntu.com/usn/USN-2318-1
• https://bugzilla.redhat.com/show_bug.cgi?id=1129662
• https://exchange.xforce.ibmcloud.com/vulnerabilities/95266
• https://github.com/torvalds/linux/commit/9566d6742852c527bf5af38af5cbb878dad75705
• http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9566d6742852c527bf5af38af5cbb878dad75705
• http://osvdb.org/show/osvdb/110055
• http://packetstormsecurity.com/files/128595/Linux-Kernel-3.16.1-FUSE-Privilege-Escalation.html
• http://seclists.org/oss-sec/2014/q3/352
• http://www.exploit-db.com/exploits/34923
• http://www.openwall.com/lists/oss-security/2014/08/13/4
• http://www.securityfocus.com/bid/69216
• http://www.ubuntu.com/usn/USN-2317-1
• http://www.ubuntu.com/usn/USN-2318-1
• https://bugzilla.redhat.com/show_bug.cgi?id=1129662
• https://exchange.xforce.ibmcloud.com/vulnerabilities/95266
• https://github.com/torvalds/linux/commit/9566d6742852c527bf5af38af5cbb878dad75705