Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2014-9091

Published: Dec 10, 2014 | Modified: Dec 11, 2014
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.6 MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2014-9091
CWEhttps://cwe.mitre.org/data/definitions/264.html

Icecast before 2.4.0 does not change the supplementary group privileges when is configured, which allows local users to gain privileges via unspecified vectors.

Affected Software

Name Vendor Start Version End Version
Icecast Icecast * 2.3.3 (including)
Icecast2 Ubuntu lucid *
Icecast2 Ubuntu precise *
Icecast2 Ubuntu trusty *
Icecast2 Ubuntu upstream *
Icecast2 Ubuntu utopic *

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use