PT-2014-1942 · Linux+4 · Linux Kernel+4

Publicado

2014-12-31

Atualizado

2020-05-21

CVE-2014-9644

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions linux-image versions 3.13.0 through 3.16.0 linux-image versions prior to 3.18.5

Description The issue affects the Linux kernel, allowing local users to load arbitrary kernel modules via a bind system call for an AF ALG socket with a parenthesized module template expression in the salg name field. This can lead to a breach of confidentiality, integrity, and availability of protected information. The exploitation can be carried out locally.

Recommendations For linux-image versions 3.13.0 through 3.16.0, update to a version prior to 3.18.5 to resolve the issue. For linux-image versions prior to 3.18.5, update to version 3.18.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the AF ALG socket to minimize the risk of exploitation.

Exploit

Correção

Improper Privilege Management

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-17CWE-269

Identificadores relacionados

ALT-PU-2015-1118

ALT-PU-2015-1794

BDU:2015-09845

BDU:2015-09847

CESA-2015_2152

CVE-2014-9644

DSA-3170-1

MGASA-2015-0070

MGASA-2015-0075

MGASA-2015-0076

MGASA-2015-0077

MGASA-2015-0078

RHSA-2015:2152

RHSA-2015:2411

RHSA-2015_2152

RHSA-2015_2411

RHSA-2016:0068

USN-2513-1

USN-2514-1

USN-2543-1

USN-2544-1

USN-2545-1

USN-2546-1

Produtos afetados

Alt Linux

Centos

Linux Kernel

Red Hat

Ubuntu

PT-2014-1942 · Linux+4 · Linux Kernel+4

CVE-2014-9644

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 117