Candidate: CVE-2014-5220
PublicDate: 2018-06-08 17:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5220
 https://lists.opensuse.org/opensuse-updates/2015-02/msg00069.html
Description:
 The mdcheck script of the mdadm package for openSUSE 13.2 prior to version
 3.3.1-5.14.1 does not properly sanitize device names, which allows local
 attackers to execute arbitrary commands as root.
Ubuntu-Description:
Notes:
Bugs:
 https://bugzilla.suse.com/show_bug.cgi?id=910500
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [7.8 HIGH]

Patches_mdadm:
 upstream: https://github.com/mapcollab/mdadm/commit/979b1feb093b1c2e0f8b58716329f2da092741d4
upstream_mdadm: released (3.3.4-1)
precise/esm_mdadm: not-affected (code not present)
trusty_mdadm: not-affected (code not present)
trusty/esm_mdadm: not-affected (code not present)
xenial_mdadm: not-affected (code not present)
esm-infra/xenial_mdadm: not-affected (code not present)
artful_mdadm: not-affected (4.0-2)
bionic_mdadm: not-affected
devel_mdadm: not-affected