CVE-2014-9770

tmpfiles.d/systemd.conf in systemd before 214 uses weak permissions for journal files under (1) /run/log/journal/%m and (2) /var/log/journal/%m, which allows local users to obtain sensitive information by reading these files.

CVSS v3 3.3 LOW
CVSS v2.0 2.1 LOW

3.3^/10

CVSS v3 : LOW

V3 Legend

Vector : AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability : 1.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00044.html
http://lists.opensuse.org/opensuse-updates/2016-05/msg00109.html
http://www.openwall.com/lists/oss-security/2016/04/08/14
http://www.openwall.com/lists/oss-security/2016/04/08/15
https://bugzilla.suse.com/show_bug.cgi?id=972612

Configurations

Configuration 1 (hide)

cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

History

07 Nov 2023, 02:23

Type	Values Removed	Values Added
References	~~(CONFIRM) https://bugzilla.suse.com/show_bug.cgi?id=972612 -~~	() https://bugzilla.suse.com/show_bug.cgi?id=972612 -
References	~~(SUSE) http://lists.opensuse.org/opensuse-updates/2016-05/msg00109.html -~~	() http://lists.opensuse.org/opensuse-updates/2016-05/msg00109.html -
References	~~(MLIST) http://www.openwall.com/lists/oss-security/2016/04/08/15 -~~	() http://www.openwall.com/lists/oss-security/2016/04/08/15 -
References	~~(MLIST) http://www.openwall.com/lists/oss-security/2016/04/08/14 -~~	() http://www.openwall.com/lists/oss-security/2016/04/08/14 -
References	~~(SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00044.html - Vendor Advisory~~	() http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00044.html -

Information

Published : 2016-04-20 16:59

Updated : 2023-12-10 11:46

NVD link : CVE-2014-9770

Mitre link : CVE-2014-9770

CVE.ORG link : CVE-2014-9770

JSON object : View

Products Affected

opensuse

opensuse

CWE

CWE-264

Permissions, Privileges, and Access Controls

3.3 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.1 /10

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2014-9770

3.3^/10

2.1^/10

Attach tags to `CVE-2014-9770`