PT-2014-1944 · Linux+5 · Linux Kernel+5

Dmitry Chernenkov

·

Publicado

2014-12-31

·

Atualizado

2016-12-24

·

CVE-2014-9683

CVSS v2.0

10

Alta

VetorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 3.18.2
Description The issue is related to an off-by-one error in the ecryptfs decode from filename function in the eCryptfs subsystem. This error can be exploited by local users to cause a denial of service, resulting in a buffer overflow and system crash, or possibly gain privileges via a crafted filename. There is also mention of multiple vulnerabilities in the linux-image-3.2.0 package of the Ubuntu operating system that can lead to violations of confidentiality, integrity, and availability of protected information, potentially exploitable remotely.
Recommendations For Linux kernel versions prior to 3.18.2, update to version 3.18.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the ecryptfs decode from filename function until a patch is available. Avoid using crafted filenames that could exploit the off-by-one error in the ecryptfs decode from filename function until the issue is resolved.

Exploit

Correção

DoS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-189CWE-17

Identificadores relacionados

ALT-PU-2015-1018
ALT-PU-2015-1794
BDU:2015-09846
CESA-2015_1272
CVE-2014-9683
DLA-246-1
DSA-3170-1
OPENSUSE-SU-2016_0301-1
RHSA-2015:1272
RHSA-2015_1272
SUSE-RU-2015:0621-1
SUSE-SU-2015:0581-1
SUSE-SU-2015:0736-1
SUSE-SU-2015:1174-1
SUSE-SU-2015:1376-1
SUSE-SU-2015:1478-1
USN-2515-1
USN-2516-1
USN-2516-2
USN-2516-3
USN-2517-1
USN-2518-1
USN-2541-1
USN-2542-1

Produtos afetados

Alt Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu