CVE-2014-0470

super.c in Super 3.30.0 does not check the return value of the setuid function when the -F flag is set, which allows local users to gain privileges via unspecified vectors, aka an RLIMIT_NPROC attack.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:C/I:C/A:C
debianCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 13%
VendorProductVersion
super_projectsuper
3.30.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
super
bullseye
3.30.3-1
fixed
sid
3.30.3-2
fixed
trixie
3.30.3-2
fixed
bookworm
3.30.3-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
super
vivid
not-affected
utopic
not-affected
trusty
Fixed 3.30.0-6+deb7u1build0.14.04.1
released
saucy
ignored
quantal
ignored
precise
Fixed 3.30.0-6+deb7u1build0.12.04.1
released
lucid
ignored
Common Weakness Enumeration
References
http://www.debian.org/security/2014/dsa-2917
http://www.openwall.com/lists/oss-security/2014/04/28/6
http://www.debian.org/security/2014/dsa-2917
http://www.openwall.com/lists/oss-security/2014/04/28/6