Executive Summary
Summary | |
---|---|
Title | Linux kernel vulnerability |
Information | |||
---|---|---|---|
Name | USN-2202-1 | First vendor Publication | 2014-05-06 |
Vendor | Ubuntu | Last vendor Modification | 2014-05-06 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 6.9 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 3.4 | Authentication | None Required |
Detail
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.10
Summary: The system could be made to crash or run programs as an administrator.
Software Description:
- linux: Linux kernel
Details: A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges.
Update instructions: The problem can be corrected by updating your system to the following package versions:
Ubuntu 12.10:
After a standard system update you need to reboot your computer to make all the necessary changes.
References:
Package Information:
Original Source
Url : http://www.ubuntu.com/usn/USN-2202-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-362 | Race Condition |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:24445 | |||
Oval ID: | oval:org.mitre.oval:def:24445 | ||
Title: | USN-2200-1 -- linux-lts-raring vulnerability | ||
Description: | The system could be made to crash or run programs as an administrator. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-2200-1 CVE-2014-0196 | Version: | 5 |
Platform(s): | Ubuntu 12.04 | Product(s): | linux-lts-raring |
Definition Id: oval:org.mitre.oval:def:24543 | |||
Oval ID: | oval:org.mitre.oval:def:24543 | ||
Title: | USN-2203-1 -- linux vulnerability | ||
Description: | The system could be made to crash or run programs as an administrator. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-2203-1 CVE-2014-0196 | Version: | 5 |
Platform(s): | Ubuntu 13.10 | Product(s): | linux |
Definition Id: oval:org.mitre.oval:def:24668 | |||
Oval ID: | oval:org.mitre.oval:def:24668 | ||
Title: | USN-2202-1 -- linux vulnerability | ||
Description: | The system could be made to crash or run programs as an administrator. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-2202-1 CVE-2014-0196 | Version: | 5 |
Platform(s): | Ubuntu 12.10 | Product(s): | linux |
Definition Id: oval:org.mitre.oval:def:24673 | |||
Oval ID: | oval:org.mitre.oval:def:24673 | ||
Title: | USN-2199-1 -- linux-lts-quantal vulnerability | ||
Description: | The system could be made to crash or run programs as an administrator. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-2199-1 CVE-2014-0196 | Version: | 5 |
Platform(s): | Ubuntu 12.04 | Product(s): | linux-lts-quantal |
Definition Id: oval:org.mitre.oval:def:24706 | |||
Oval ID: | oval:org.mitre.oval:def:24706 | ||
Title: | USN-2201-1 -- linux-lts-saucy vulnerability | ||
Description: | The system could be made to crash or run programs as an administrator. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-2201-1 CVE-2014-0196 | Version: | 5 |
Platform(s): | Ubuntu 12.04 | Product(s): | linux-lts-saucy |
Definition Id: oval:org.mitre.oval:def:24747 | |||
Oval ID: | oval:org.mitre.oval:def:24747 | ||
Title: | USN-2204-1 -- linux vulnerability | ||
Description: | The system could be made to crash or run programs as an administrator. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-2204-1 CVE-2014-0196 | Version: | 4 |
Platform(s): | Ubuntu 14.04 | Product(s): | linux |
Definition Id: oval:org.mitre.oval:def:24818 | |||
Oval ID: | oval:org.mitre.oval:def:24818 | ||
Title: | USN-2197-1 -- linux-ec2 vulnerability | ||
Description: | The system could be made to crash or run programs as an administrator. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-2197-1 CVE-2014-0196 | Version: | 5 |
Platform(s): | Ubuntu 10.04 | Product(s): | linux-ec2 |
Definition Id: oval:org.mitre.oval:def:24838 | |||
Oval ID: | oval:org.mitre.oval:def:24838 | ||
Title: | USN-2198-1 -- linux vulnerability | ||
Description: | The system could be made to crash or run programs as an administrator. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-2198-1 CVE-2014-0196 | Version: | 5 |
Platform(s): | Ubuntu 12.04 | Product(s): | linux |
Definition Id: oval:org.mitre.oval:def:25233 | |||
Oval ID: | oval:org.mitre.oval:def:25233 | ||
Title: | SUSE-SU-2014:0667-1 -- Security update for Linux Kernel | ||
Description: | The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to fix the following severe security issues: * CVE-2014-1737: The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device. (bnc#875798) * CVE-2014-1738: The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device. (bnc#875798) * CVE-2014-0196: The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings. (bnc#875690) | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2014:0667-1 CVE-2014-1737 CVE-2014-1738 CVE-2014-0196 | Version: | 3 |
Platform(s): | SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11 | Product(s): | Linux Kernel |
Definition Id: oval:org.mitre.oval:def:25258 | |||
Oval ID: | oval:org.mitre.oval:def:25258 | ||
Title: | RHSA-2014:0678: kernel security update (Important) | ||
Description: | The kernel packages contain the Linux kernel, the core of any Linux operating system. * A race condition flaw, leading to heap-based buffer overflows, was found in the way the Linux kernel's N_TTY line discipline (LDISC) implementation handled concurrent processing of echo output and TTY write operations originating from user space when the underlying TTY driver was PTY. An unprivileged, local user could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-0196, Important) All kernel users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The system must be rebooted for this update to take effect. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2014:0678-00 CVE-2014-0196 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 7 CentOS Linux 7 | Product(s): | kernel |
ExploitDB Exploits
id | Description |
---|---|
2014-05-26 | Linux kernel 3.14-rc1 <= 3.15-rc4 - Raw Mode PTY Local Echo Race Condition... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2017-04-03 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2017-0057.nasl - Type : ACT_GATHER_INFO |
2015-03-13 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2015-0290.nasl - Type : ACT_GATHER_INFO |
2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0520.nasl - Type : ACT_GATHER_INFO |
2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0512.nasl - Type : ACT_GATHER_INFO |
2014-10-12 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-392.nasl - Type : ACT_GATHER_INFO |
2014-10-12 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-339.nasl - Type : ACT_GATHER_INFO |
2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15319.nasl - Type : ACT_GATHER_INFO |
2014-07-31 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-3054.nasl - Type : ACT_GATHER_INFO |
2014-07-31 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-3053.nasl - Type : ACT_GATHER_INFO |
2014-07-30 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0678.nasl - Type : ACT_GATHER_INFO |
2014-07-24 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0678.nasl - Type : ACT_GATHER_INFO |
2014-07-22 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0557.nasl - Type : ACT_GATHER_INFO |
2014-06-28 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2260-1.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-124.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-376.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-375.nasl - Type : ACT_GATHER_INFO |
2014-05-22 | Name : The remote Fedora host is missing a security update. File : fedora_2014-6354.nasl - Type : ACT_GATHER_INFO |
2014-05-20 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-3034.nasl - Type : ACT_GATHER_INFO |
2014-05-16 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_kernel-140513.nasl - Type : ACT_GATHER_INFO |
2014-05-16 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2928.nasl - Type : ACT_GATHER_INFO |
2014-05-13 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2926.nasl - Type : ACT_GATHER_INFO |
2014-05-12 | Name : The remote Fedora host is missing a security update. File : fedora_2014-6122.nasl - Type : ACT_GATHER_INFO |
2014-05-06 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2196-1.nasl - Type : ACT_GATHER_INFO |
2014-05-06 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2204-1.nasl - Type : ACT_GATHER_INFO |
2014-05-06 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2203-1.nasl - Type : ACT_GATHER_INFO |
2014-05-06 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2202-1.nasl - Type : ACT_GATHER_INFO |
2014-05-06 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2201-1.nasl - Type : ACT_GATHER_INFO |
2014-05-06 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2200-1.nasl - Type : ACT_GATHER_INFO |
2014-05-06 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2199-1.nasl - Type : ACT_GATHER_INFO |
2014-05-06 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2198-1.nasl - Type : ACT_GATHER_INFO |
2014-05-06 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2197-1.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-05-07 21:29:39 | |
2014-05-07 17:26:43 | |
2014-05-07 13:26:19 | |
2014-05-06 05:19:53 | |