CVE-2014-8165

Current Description

scripts/amsvis/powerpcAMS/amsnet.py in powerpc-utils-python uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object.

Basic Data

Published	February 19, 2015
Last Modified	January 05, 2018
Assigner	cve@mitre.org
Data Type	CVE
Data Format	MITRE
Data Version	4.0
Problem Type	CWE-345
CVE Data Version	4.0

Base Metric V2

CVSS 2 - Version	2.0
CVSS 2 - Vector String	AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS 2 - Access Vector	NETWORK
CVSS 2 - Access Complexity	LOW
CVSS 2 - Authentication	NONE
CVSS 2 - Confidentiality Impact	COMPLETE
CVSS 2 - Availability Impact	COMPLETE
CVSS 2 - Base Score	10.0
Severity	HIGH
Exploitability Score	10.0
Impact Score	10.0
Obtain All Privilege	false
Obtain User Privilege	false
Obtain Other Privilege	false

Base Metric V3

No data provided.

Configurations

OR - Configuration 1

Cpe Version	Part	Vendor	Product	Version	Update	Edition	Language	SW Edition	Target SW	Target HW	Other	Version Start Including	Version End Including	Version Start Excluding	Version End Excluding
2.3	Application	Powerpc-utils Project	Powerpc-utils	-	*	*	*	*	*	*	*

Vulnerable Software List

Vendor	Product	Versions
Powerpc-utils Project	Powerpc-utils	-

References

Name	Source	URL	Tags
RHSA-2016:2607	http://rhn.redhat.com/errata/RHSA-2016-2607.html	REDHAT
[Powerpc-utils-devel] 20140930 [RFC PATCH] amsvis/amsnet: Replace pickle with json	http://sourceforge.net/p/powerpc-utils/mailman/message/32884230/	MLIST	Vendor Advisory
[oss-security] 20150209 CVE-2014-8165: remote code execution in powerpc-utils-python	http://www.openwall.com/lists/oss-security/2015/02/09/4	MLIST
72537	http://www.securityfocus.com/bid/72537	BID
https://bugzilla.redhat.com/show_bug.cgi?id=1073139	https://bugzilla.redhat.com/show_bug.cgi?id=1073139	CONFIRM
powerpcutils-cve20148165-code-exec(100788)	https://exchange.xforce.ibmcloud.com/vulnerabilities/100788	XF