Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.9
CVE Id: CVE-2014-9420
Last Modified: 03 Jun 2015 10:01:26
Published: 25 Dec 2014 07:59:01
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE

CVE-2014-9420

Summary

The rock_continue function in fs/isofs/rock.c in the Linux kernel through 3.18.1 does not restrict the number of Rock Ridge continuation entries, which allows local users to cause a denial of service (infinite loop, and system crash or hang) via a crafted iso9660 image.

Vulnerable Systems

Operating System

  • Linux Kernel 3.18.1


References

CONFIRM - https://github.com/torvalds/linux/commit/f54e18f1b831c92f6512d2eedb224cd63d607d3d

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=1175235

MLIST - [oss-security] 20141225 Re: CVE Request Linux kernel: fs: isofs: infinite loop in CE records

CONFIRM - http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f54e18f1b831c92f6512d2eedb224cd63d607d3d

SECUNIA - 62801

UBUNTU - USN-2518-1

UBUNTU - USN-2517-1

UBUNTU - USN-2516-1

UBUNTU - USN-2515-1

UBUNTU - USN-2493-1

UBUNTU - USN-2492-1

UBUNTU - USN-2490-1

UBUNTU - USN-2491-1

SUSE - SUSE-SU-2015:0178

MANDRIVA - MDVSA-2015:058

SUSE - SUSE-SU-2015:0652

FEDORA - FEDORA-2015-0515

FEDORA - FEDORA-2015-0517

SUSE - SUSE-SU-2015:0812

SUSE - SUSE-SU-2015:0736


Last Updated: 27 May 2016 11:08:54