CVE-2014-8165

Impact:
Moderate
Public Date:
2014-09-30
CWE:
CWE-502
Bugzilla:
1073139: CVE-2014-8165 powerpc-utils-python: arbitrary code execution due to unpickling untrusted input
It was found that the amsvis command of the powerpc-utils-python package did not verify unpickled data before processing it. This could allow an attacker who can connect to an amsvis server process (or cause an amsvis client process to connect to them) to execute arbitrary code as the user running the amsvis process.

Find out more about CVE-2014-8165 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v2 metrics

Base Score 6.8
Base Metrics AV:N/AC:M/Au:N/C:P/I:P/A:P
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact Partial

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 7 (powerpc-utils-python) RHSA-2016:2607 2016-11-03

Acknowledgements

This issue was discovered by Dhiru Kholia of Red Hat Product Security.

This page is generated automatically and has not been checked for errors or omissions.

For clarification or corrections please contact Red Hat Product Security.

Last Modified
Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.