Executive Summary

Informations
NameCVE-2014-4027First vendor Publication2014-06-23
VendorCveLast vendor Modification2017-01-06

Security-Database Scoring CVSS v2

Cvss vector : (AV:A/AC:M/Au:S/C:P/I:N/A:N)
Cvss Base Score2.3Attack RangeAdjacent network
Cvss Impact Score2.9Attack ComplexityMedium
Cvss Expoit Score4.4AuthenticationRequires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4027

CWE : Common Weakness Enumeration

%idName
100 %CWE-264Permissions, Privileges, and Access Controls

CPE : Common Platform Enumeration

TypeDescriptionCount
Os2058

Nessus® Vulnerability Scanner

DateDescription
2017-04-03Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2017-0057.nasl - Type : ACT_GATHER_INFO
2015-04-10Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2015-0040.nasl - Type : ACT_GATHER_INFO
2015-03-20Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2015-3012.nasl - Type : ACT_GATHER_INFO
2015-03-13Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2015-0290.nasl - Type : ACT_GATHER_INFO
2014-12-15Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3103.nasl - Type : ACT_GATHER_INFO
2014-12-15Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3104.nasl - Type : ACT_GATHER_INFO
2014-12-15Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20141209_kernel_on_SL7_x.nasl - Type : ACT_GATHER_INFO
2014-12-15Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-1971.nasl - Type : ACT_GATHER_INFO
2014-12-10Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-1971.nasl - Type : ACT_GATHER_INFO
2014-12-10Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1971.nasl - Type : ACT_GATHER_INFO
2014-10-23Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-140924.nasl - Type : ACT_GATHER_INFO
2014-10-23Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-bigsmp-201409-140924.nasl - Type : ACT_GATHER_INFO
2014-10-16Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL15685.nasl - Type : ACT_GATHER_INFO
2014-09-03Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2334-1.nasl - Type : ACT_GATHER_INFO
2014-09-03Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2336-1.nasl - Type : ACT_GATHER_INFO
2014-09-03Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2337-1.nasl - Type : ACT_GATHER_INFO
2014-08-08Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-155.nasl - Type : ACT_GATHER_INFO
2014-07-23Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0913.nasl - Type : ACT_GATHER_INFO
2014-07-17Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2285-1.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

SourceUrl
CONFIRM http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4...
https://bugzilla.redhat.com/show_bug.cgi?id=1108744
https://github.com/torvalds/linux/commit/4442dc8a92b8f9ad8ee9e7f8438f4c04c03a...
https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15685.html
MLIST http://permalink.gmane.org/gmane.linux.scsi.target.devel/6618
http://www.openwall.com/lists/oss-security/2014/06/11/1
SECUNIA http://secunia.com/advisories/59134
SUSE http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html
UBUNTU http://www.ubuntu.com/usn/USN-2334-1
http://www.ubuntu.com/usn/USN-2335-1

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
DateInformations
2019-01-25 12:06:22
  • Multiple Updates
2018-11-17 12:04:55
  • Multiple Updates
2018-10-30 12:06:58
  • Multiple Updates
2018-08-09 12:02:58
  • Multiple Updates
2018-04-25 12:05:46
  • Multiple Updates
2017-04-04 13:20:39
  • Multiple Updates
2017-01-07 09:25:37
  • Multiple Updates
2016-08-12 12:01:32
  • Multiple Updates
2016-06-30 21:38:17
  • Multiple Updates
2016-06-29 00:36:24
  • Multiple Updates
2016-04-27 00:56:42
  • Multiple Updates
2015-04-11 13:28:46
  • Multiple Updates
2015-03-21 13:27:31
  • Multiple Updates
2015-03-14 13:25:30
  • Multiple Updates
2014-12-16 13:25:21
  • Multiple Updates
2014-12-11 13:25:05
  • Multiple Updates
2014-12-10 09:24:32
  • Multiple Updates
2014-12-07 09:25:52
  • Multiple Updates
2014-10-31 13:24:40
  • Multiple Updates
2014-10-24 13:25:31
  • Multiple Updates
2014-10-17 13:26:26
  • Multiple Updates
2014-10-17 13:25:28
  • Multiple Updates
2014-09-13 13:43:33
  • Multiple Updates
2014-09-04 13:24:41
  • Multiple Updates
2014-08-09 13:25:11
  • Multiple Updates
2014-07-24 13:25:31
  • Multiple Updates
2014-07-18 13:24:32
  • Multiple Updates
2014-06-25 21:27:31
  • Multiple Updates
2014-06-24 00:24:36
  • Multiple Updates
2014-06-23 17:22:06
  • First insertion