
JSA10616 - 2014-03 Security Bulletin: Pulse Connect Secure (PCS): Linux Network Connect client local user privilege escalation issue (CVE-2014-2292)

Product Affected
This issue can affect all of the following: SA700, SA2000, SA2500, SA4000, FIPS SA4000, SA4500, FIPS SA4500, SA6000, FIPS SA6000, SA6500, FIPS SA6500, MAG2600, MAG4610, MAG6610, and MAG6611. The affected software releases include PCS OS 7.1, 7.3, 7.4, and 8.0.
Problem
A privilege escalation issue has been found and corrected in the Linux Network Connect client. This issue could allow a non-root user to escalate their access to root privileges on a Network Connect end-user client system.

Pulse Secure SIRT is not aware of any malicious exploitation of this vulnerability.

No other Pulse Secure products or platforms are affected by this issue.

This issue has been assigned CVE-2014-2292.
Solution
The issue is fixed in PCS releases: 8.0r2, 7.4r8, 7.3r10, and 7.1r17, and all subsequent releases.
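
The fixed-release list above can be applied to a gateway inventory with a short triage script. This is an added example, not code from Pulse Secure; the hostnames and the sample inventory are constructed, and treating branches newer than 8.0 as "subsequent releases" is an assumption drawn from the wording of this bulletin.

```python
import re

# Fixed releases as listed in this bulletin: branch -> first fixed "r" build.
FIXED = {(7, 1): 17, (7, 3): 10, (7, 4): 8, (8, 0): 2}
RELEASE_RE = re.compile(r"^\s*(\d+)\.(\d+)[rR](\d+)\s*$")


def parse_release(text):
    """Parse a release string such as '7.4r8' into ((major, minor), build)."""
    m = RELEASE_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised release string: {text!r}")
    major, minor, build = (int(g) for g in m.groups())
    return (major, minor), build


def classify(text):
    """Return 'fixed', 'vulnerable' or 'unknown' for one release string."""
    try:
        branch, build = parse_release(text)
    except ValueError:
        return "unknown"
    if branch in FIXED:
        return "fixed" if build >= FIXED[branch] else "vulnerable"
    # Assumption: branches after the newest listed one are "subsequent releases".
    if branch > max(FIXED):
        return "fixed"
    # Branches the bulletin does not mention (e.g. 7.2) cannot be judged from it.
    return "unknown"


def triage(inventory):
    """Map hostname -> status for a {hostname: release} inventory."""
    return {host: classify(rel) for host, rel in inventory.items()}


# Constructed sample inventory (hostnames and releases are made up).
SAMPLE = {
    "vpn-a.example.net": "7.4r7",
    "vpn-b.example.net": "7.4r8",
    "vpn-c.example.net": "8.0R1",
    "vpn-d.example.net": "7.2r5",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host:20} {SAMPLE[host]:8} {status}")
```

Hosts reported as "unknown" run a branch this bulletin does not list and need a manual check against the vendor's release notes.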

 
Workaround
There is no workaround for this issue. You must upgrade to a fixed version of the software.
CVSS Score
6.6 (AV:L/AC:M/Au:S/C:C/I:C/A:C)
Acknowledgements
Pulse Secure would like to thank two reporters for independently discovering this issue and bringing it to our attention: Jörg Scheinert from Verizon GCIS Vulnerability Management for the discovery and Thierry Zoller for analysis and coordination, and also Joep Vesseur.
Risk Level
Medium
Legacy ID
JSA10616
