Privilege Escalation Vulnerability in OSSEC by Trend Micro
CVE-2014-5284

Currently unrated

Key Information:

Vendor

Ossec

Status
Ossec
Vendor
CVE Published:
2 December 2014

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2014-5284?

The vulnerability in OSSEC affects versions before 2.8.1, where the host-deny.sh script creates temporary files with predictable filenames. This oversight allows local users to manipulate access controls by creating these files prior to the execution of IP blocking, leading to unauthorized modifications in hosts.deny and potentially escalating their privileges to root.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2014-5284
Created by mbadanoiu

References

http://www.exploit-db.com/exploits/35234
exploitx_refsource_EXPLOIT-DB
http://packetstormsecurity.com/files/129111/OSSEC-2.8-Pri...
x_refsource_MISC
https://github.com/ossec/ossec-hids/releases/tag/2.8.1
x_refsource_CONFIRM

EPSS Score

9% chance of being exploited in the next 30 days.

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

JSON
.