What is CVE-2014-5008?

CVE-2014-5008 is a critical-severity software vulnerability (Command injection) with a CVSS score of 9.8. Snoopy allows remote attackers to execute arbitrary commands.

Is CVE-2014-5008 being actively exploited?

It is not currently in CISA's KEV catalog. Its EPSS exploitation probability is 4%.

What products does CVE-2014-5008 affect?

Tracked products affected include Debian. Check the version you run to see whether it is affected.

How do I fix CVE-2014-5008?

Apply the vendor fix promptly. An official patch or advisory is available. Upgrade affected products to a fixed version.

← All products

CVE-2014-5008

CRITICAL severity · CVSS 9.8 · Command injection

9.8CVSS CRITICAL

Summary

Snoopy allows remote attackers to execute arbitrary commands.

Impact & exploitability

Attack vectorNetwork

Attack complexityLow

Privileges requiredNone

User interactionNone

Confidentiality impactHigh

Integrity impactHigh

Availability impactHigh

Exploit probability (EPSS)4%

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products we track (1)

Debian

Recommendation

Apply the vendor fix promptly. Open any affected product above for its exact safe version.

Official patch: http://rhn.redhat.com/errata/RHSA-2017-0211.html ↗

Additional information

NVD record
http://rhn.redhat.com/errata/RHSA-2017-0211.htmlPatch
http://rhn.redhat.com/errata/RHSA-2017-0212.htmlPatch
http://rhn.redhat.com/errata/RHSA-2017-0213.htmlPatch
http://rhn.redhat.com/errata/RHSA-2017-0214.htmlPatch
http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?view=log#rev1.28Patch
http://www.openwall.com/lists/oss-security/2014/07/16/10Patch
http://www.openwall.com/lists/oss-security/2014/07/18/2Patch
http://www.debian.org/security/2015/dsa-3248Advisory