CVE-2014-5284

OSSEC < 2.8.0 - Privilege Escalation via Predictable Temporary File Handling

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2014-5284. PoCs published by skynet-13, mbadanoiu.

AI-analyzed exploit summary This exploit leverages a race condition in ossec 2.8's insecure temporary file creation to escalate privileges. It monitors /tmp for file changes and injects a malicious entry into hosts.deny to execute arbitrary commands as root.

Description

host-deny.sh in OSSEC before 2.8.1 writes to temporary files with predictable filenames without verifying ownership, which allows local users to modify access restrictions in hosts.deny and gain root privileges by creating the temporary files before automatic IP blocking is performed.

Exploits (2)

exploitdb WORKING POC VERIFIED

by skynet-13 · pythonlocallinux

https://www.exploit-db.com/exploits/35234

View Code ZIP pw:eip

This exploit leverages a race condition in ossec 2.8's insecure temporary file creation to escalate privileges. It monitors /tmp for file changes and injects a malicious entry into hosts.deny to execute arbitrary commands as root.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Racy

Target: ossec-hids 2.8

No auth needed

Prerequisites: Local access to the target system · ossec-hids 2.8 installed · Ability to trigger SSH authentication failures

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1548.001 - Setuid and Setgid

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC

by mbadanoiu · poc

https://github.com/mbadanoiu/CVE-2014-5284

View Code ZIP pw:eip

This repository contains a privilege escalation exploit for CVE-2014-5284, targeting OSSEC 2.8's insecure temporary file creation vulnerability. The exploit monitors /tmp for file changes and injects a command into a temporary hosts.deny file, which is then executed as root when SSH is accessed.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: OSSEC 2.8

No auth needed

Prerequisites: Access to the target system · inotify-tools installed or available

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1204 - User Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Patch, Vendor Advisory x_refsource_confirm

https://github.com/ossec/ossec-hids/releases/tag/2.8.1

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/35234

Exploit x_refsource_misc

http://packetstormsecurity.com/files/129111/OSSEC-2.8-Privilege-Escalation.html

Scores

EPSS 0.0250

EPSS Percentile 82.6%

Details

CWE

CWE-264

Status published

Products (1)

ossec/ossec < 2.8.0

Published Dec 02, 2014

Tracked Since Feb 18, 2026