{
  "threat_severity" : "Moderate",
  "public_date" : "2014-09-30T00:00:00Z",
  "bugzilla" : {
    "description" : "powerpc-utils-python: arbitrary code execution due to unpickling untrusted input",
    "id" : "1073139",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1073139"
  },
  "cvss" : {
    "cvss_base_score" : "6.8",
    "cvss_scoring_vector" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
    "status" : "verified"
  },
  "cwe" : "CWE-502",
  "details" : [ "scripts/amsvis/powerpcAMS/amsnet.py in powerpc-utils-python uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object.", "It was found that the amsvis command of the powerpc-utils-python package did not verify unpickled data before processing it. This could allow an attacker who can connect to an amsvis server process (or cause an amsvis client process to connect to them) to execute arbitrary code as the user running the amsvis process." ],
  "statement" : "This issue affects the versions of powerpc-utils-python as shipped with Red Hat Enterprise Linux 7 for Power. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
  "acknowledgement" : "This issue was discovered by Dhiru Kholia (Red Hat Product Security).",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2016-11-03T00:00:00Z",
    "advisory" : "RHSA-2016:2607",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "powerpc-utils-python-0:1.2.1-9.el7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2014-8165\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8165" ],
  "name" : "CVE-2014-8165",
  "csaw" : false
}