Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 3.6
CVE Id: CVE-2014-9683
Last Modified: 26 Mar 2015 09:59:43
Published: 03 Mar 2015 06:59:02
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE

CVE-2014-9683

Summary

Off-by-one error in the ecryptfs_decode_from_filename function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux kernel before 3.18.2 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted filename.

Vulnerable Systems

Operating System

  • Canonical Ubuntu Linux 12.04

  • Canonical Ubuntu Linux 14.04

  • Canonical Ubuntu Linux 14.10

  • Linux Kernel 3.18.1


References

CONFIRM - https://github.com/torvalds/linux/commit/942080643bce061c3dd9d5718d3b745dcb39a8bc

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=1193830

MLIST - [oss-security] 20150217 Re: CVE request: Linux kernel ecryptfs 1-byte overwrite

CONFIRM - http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.2

CONFIRM - http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=942080643bce061c3dd9d5718d3b745dcb39a8bc

UBUNTU - USN-2518-1

UBUNTU - USN-2517-1

UBUNTU - USN-2516-1

UBUNTU - USN-2515-1

SECTRACK - 1031860

BID - 72643

DEBIAN - DSA-3170

MANDRIVA - MDVSA-2015:058

UBUNTU - USN-2542-1

UBUNTU - USN-2541-1


Last Updated: 27 May 2016 11:08:13