CVE-2014-2630 – SetUID/SetGID Programs Allow Privilege Escalation Via Insecure RPATH in Compaq/Hewlett Packard Glance for Linux

Posted by Portcullis Advisories on Nov 19

Vulnerability title: SetUID/SetGID Programs Allow Privilege Escalation Via Insecure RPATH in Compaq/Hewlett Packard Glance for Linux
CVE: CVE-2014-2630
Vendor: Compaq/Hewlett Packard
Product: Glance for Linux
Affected version: 11.00 and subsequent
Fixed version: HPSBMU03086 rev.3
Reported by: Tim Brown

Details:

It has been identified that binaries that are executed with elevated privileges (SetGID and SetUID programs) in
Compaq/HP’s…
