Login Sign Up

CVE-2014-1936

7.5 HIGH

📋 TL;DR

CVE-2014-1936 is a vulnerability in rc (run commands) software where temporary files are created insecurely, allowing local attackers to perform symlink attacks. This affects systems using rc versions before 1.7.1-5. The vulnerability enables file manipulation and potential privilege escalation.

💻 Affected Systems

Products:
  • rc (run commands)
Versions: All versions before 1.7.1-5
Operating Systems: Linux distributions including Debian, Ubuntu, and other systems using rc
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems where rc is installed and used. Many modern systems may not have rc installed by default.

📦 What is this software?

Debian Linux by Debian

View all CVEs affecting Debian Linux →

Debian Linux by Debian

View all CVEs affecting Debian Linux →

Debian Linux by Debian

View all CVEs affecting Debian Linux →

Rc by Rc Project

View all CVEs affecting Rc →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local privilege escalation to root, allowing complete system compromise through symlink attacks on temporary files.

🟠

Likely Case

Local user gains unauthorized write access to sensitive files, potentially leading to data corruption or limited privilege escalation.

🟢

If Mitigated

Minimal impact with proper file permissions and SELinux/AppArmor restrictions preventing symlink attacks.

🌐 Internet-Facing: LOW - This is a local vulnerability requiring shell access to the affected system.
🏢 Internal Only: MEDIUM - Internal users with shell access could exploit this for privilege escalation or file manipulation.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local shell access and knowledge of rc usage patterns. Symlink attacks are well-understood techniques.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.7.1-5 and later

Vendor Advisory: https://security-tracker.debian.org/tracker/CVE-2014-1936

Restart Required: No

Instructions:

1. Update rc package: sudo apt-get update && sudo apt-get install rc
2. Verify version: rc --version
3. Ensure version is 1.7.1-5 or higher

🔧 Temporary Workarounds

Remove rc package

linux

Uninstall rc if not required for system functionality

sudo apt-get remove rc

Restrict file permissions

linux

Set strict permissions on directories where rc creates temporary files

sudo chmod 700 /tmp/rc*
sudo chown root:root /tmp/rc*

🧯 If You Can't Patch

  • Remove or disable rc if not essential for operations
  • Implement strict file system monitoring and integrity checking for temporary file creation

🔍 How to Verify

Check if Vulnerable:

Check rc version: dpkg -l | grep rc or rpm -qa | grep rc

Check Version:

rc --version || dpkg -l | grep rc || rpm -qa | grep rc

Verify Fix Applied:

Verify installed version is 1.7.1-5 or higher: rc --version

📡 Detection & Monitoring

Log Indicators:

  • Unusual temporary file creation patterns
  • Symlink creation in /tmp directories
  • Failed file permission operations

Network Indicators:

  • None - local vulnerability only

SIEM Query:

process.name:rc AND file.path:/tmp/* AND (file.action:create OR file.action:modify)

📊 Metadata

CVE ID: CVE-2014-1936
CVSS v3 Score: 7.5 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CWE: CWE-20
Published: November 21, 2019
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2014-1936, you might also want to check these:

CVE-2022-47190 10.0

CVE-2022-47190 allows remote attackers to upload malicious firmware containing a webshell to Generex...

Same vulnerability type (CWE-20)
CVE-2019-11708 10.0

This vulnerability allows a compromised child process in Firefox/Thunderbird to trick the parent pro...

Same vulnerability type (CWE-20)
CVE-2020-12388 10.0

This vulnerability allows attackers to escape Firefox's content process sandbox on Windows systems, ...

Same vulnerability type (CWE-20)