Executive Summary

Informations
NameCVE-2014-1446First vendor Publication2014-01-18
VendorCveLast vendor Modification2017-08-28

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:P/I:N/A:N)
Cvss Base Score1.9Attack RangeLocal
Cvss Impact Score2.9Attack ComplexityMedium
Cvss Expoit Score3.4AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

The yam_ioctl function in drivers/net/hamradio/yam.c in the Linux kernel before 3.12.8 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCYAMGCFG ioctl call.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1446

CWE : Common Weakness Enumeration

%idName
100 %CWE-399Resource Management Errors

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:24220
 
Oval ID: oval:org.mitre.oval:def:24220
Title: USN-2113-1 -- linux-lts-saucy vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-2113-1
CVE-2013-4563
CVE-2013-4579
CVE-2013-4587
CVE-2013-6367
CVE-2013-6368
CVE-2013-6376
CVE-2013-6382
CVE-2013-6432
CVE-2013-7263
CVE-2013-7264
CVE-2013-7265
CVE-2013-7266
CVE-2013-7267
CVE-2013-7268
CVE-2013-7269
CVE-2013-7270
CVE-2013-7271
CVE-2013-7281
CVE-2014-1438
CVE-2014-1446
Version: 5
Platform(s): Ubuntu 12.04
Product(s): linux-lts-saucy
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23441
 
Oval ID: oval:org.mitre.oval:def:23441
Title: USN-2117-1 -- linux vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-2117-1
CVE-2013-4563
CVE-2013-4579
CVE-2013-4587
CVE-2013-6367
CVE-2013-6368
CVE-2013-6376
CVE-2013-6382
CVE-2013-6432
CVE-2013-7263
CVE-2013-7264
CVE-2013-7265
CVE-2013-7266
CVE-2013-7267
CVE-2013-7268
CVE-2013-7269
CVE-2013-7270
CVE-2013-7271
CVE-2013-7281
CVE-2014-1438
CVE-2014-1446
Version: 5
Platform(s): Ubuntu 13.10
Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24982
 
Oval ID: oval:org.mitre.oval:def:24982
Title: SUSE-SU-2014:0536-1 -- Security update for Linux kernel
Description: The SUSE Linux Enterprise Server 10 Service Pack 4 LTSS kernel has been updated to fix various security issues and several bugs.
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0536-1
CVE-2011-2492
CVE-2011-2494
CVE-2012-6537
CVE-2012-6539
CVE-2012-6540
CVE-2012-6541
CVE-2012-6542
CVE-2012-6544
CVE-2012-6545
CVE-2012-6546
CVE-2012-6547
CVE-2012-6549
CVE-2013-0343
CVE-2013-0914
CVE-2013-1827
CVE-2013-2141
CVE-2013-2164
CVE-2013-2206
CVE-2013-2232
CVE-2013-2234
CVE-2013-2237
CVE-2013-2888
CVE-2013-2893
CVE-2013-2897
CVE-2013-3222
CVE-2013-3223
CVE-2013-3224
CVE-2013-3228
CVE-2013-3229
CVE-2013-3231
CVE-2013-3232
CVE-2013-3234
CVE-2013-3235
CVE-2013-4162
CVE-2013-4387
CVE-2013-4470
CVE-2013-4483
CVE-2013-4588
CVE-2013-6383
CVE-2014-1444
CVE-2014-1445
CVE-2014-1446
Version: 3
Platform(s): SUSE Linux Enterprise Server 10
Product(s): Linux kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24665
 
Oval ID: oval:org.mitre.oval:def:24665
Title: SUSE-SU-2014:0287-1 -- Security update for Linux kernel
Description: This is a SUSE Linux Enterprise Server 11 SP1 LTSS roll up update to fix a lot of security issues and non-security bugs.
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0287-1
CVE-2011-3593
CVE-2012-1601
CVE-2012-2137
CVE-2012-2372
CVE-2012-2745
CVE-2012-3375
CVE-2011-1083
CVE-2012-3412
CVE-2012-3430
CVE-2012-3511
CVE-2012-4444
CVE-2012-4530
CVE-2012-4565
CVE-2012-6537
CVE-2012-6538
CVE-2012-6539
CVE-2012-6540
CVE-2012-6541
CVE-2012-6542
CVE-2012-6544
CVE-2012-6545
CVE-2012-6546
CVE-2012-6547
CVE-2012-6548
CVE-2012-6549
CVE-2013-0160
CVE-2013-0216
CVE-2013-0231
CVE-2013-0268
CVE-2013-0310
CVE-2013-0343
CVE-2013-0349
CVE-2013-0871
CVE-2013-0914
CVE-2013-1767
CVE-2013-1773
CVE-2013-1774
CVE-2013-1792
CVE-2013-1796
CVE-2013-1797
CVE-2013-1798
CVE-2013-1827
CVE-2013-1928
CVE-2013-1943
CVE-2013-2015
CVE-2013-2141
CVE-2013-2147
CVE-2013-2164
CVE-2013-2232
CVE-2013-2234
CVE-2013-2237
CVE-2013-2634
CVE-2013-2851
CVE-2013-2852
CVE-2013-2888
CVE-2013-2889
CVE-2013-2892
CVE-2013-2893
CVE-2013-2897
CVE-2013-2929
CVE-2013-3222
CVE-2013-3223
CVE-2013-3224
CVE-2013-3225
CVE-2013-3228
CVE-2013-3229
CVE-2013-3231
CVE-2013-3232
CVE-2013-3234
CVE-2013-3235
CVE-2013-4345
CVE-2013-4470
CVE-2013-4483
CVE-2013-4511
CVE-2013-4587
CVE-2013-4588
CVE-2013-4591
CVE-2013-6367
CVE-2013-6368
CVE-2013-6378
CVE-2013-6383
CVE-2014-1444
CVE-2014-1445
CVE-2014-1446
Version: 5
Platform(s): SUSE Linux Enterprise Server 11
Product(s): Linux kernel
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Os1984

Nessus® Vulnerability Scanner

DateDescription
2015-05-20Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-0287-1.nasl - Type : ACT_GATHER_INFO
2015-05-20Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-0536-1.nasl - Type : ACT_GATHER_INFO
2015-05-20Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-0832-1.nasl - Type : ACT_GATHER_INFO
2014-07-17Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-140709.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-375.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-376.nasl - Type : ACT_GATHER_INFO
2014-04-27Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2906.nasl - Type : ACT_GATHER_INFO
2014-03-10Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2133-1.nasl - Type : ACT_GATHER_INFO
2014-03-10Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2135-1.nasl - Type : ACT_GATHER_INFO
2014-03-10Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2136-1.nasl - Type : ACT_GATHER_INFO
2014-03-10Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2138-1.nasl - Type : ACT_GATHER_INFO
2014-03-06Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2128-1.nasl - Type : ACT_GATHER_INFO
2014-03-06Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2129-1.nasl - Type : ACT_GATHER_INFO
2014-02-19Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2113-1.nasl - Type : ACT_GATHER_INFO
2014-02-19Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2117-1.nasl - Type : ACT_GATHER_INFO
2014-02-18Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-038.nasl - Type : ACT_GATHER_INFO
2014-01-20Name : The remote Fedora host is missing a security update.
File : fedora_2014-1062.nasl - Type : ACT_GATHER_INFO
2014-01-20Name : The remote Fedora host is missing a security update.
File : fedora_2014-1072.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

SourceUrl
BID http://www.securityfocus.com/bid/64954
CONFIRM http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8...
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.8
https://bugzilla.redhat.com/show_bug.cgi?id=1053620
https://github.com/torvalds/linux/commit/8e3fbf870481eb53b2d3a322d1fc395ad8b3...
FEDORA http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126858...
http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126874...
MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2014:038
MLIST http://www.openwall.com/lists/oss-security/2014/01/15/3
UBUNTU http://www.ubuntu.com/usn/USN-2113-1
http://www.ubuntu.com/usn/USN-2117-1
http://www.ubuntu.com/usn/USN-2128-1
http://www.ubuntu.com/usn/USN-2129-1
http://www.ubuntu.com/usn/USN-2133-1
http://www.ubuntu.com/usn/USN-2134-1
http://www.ubuntu.com/usn/USN-2135-1
http://www.ubuntu.com/usn/USN-2136-1
http://www.ubuntu.com/usn/USN-2138-1
http://www.ubuntu.com/usn/USN-2139-1
http://www.ubuntu.com/usn/USN-2141-1
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/90445

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
DateInformations
2019-01-25 12:06:04
  • Multiple Updates
2018-11-17 12:04:36
  • Multiple Updates
2018-10-30 12:06:39
  • Multiple Updates
2018-08-09 12:02:41
  • Multiple Updates
2018-04-25 12:05:29
  • Multiple Updates
2017-08-29 09:24:28
  • Multiple Updates
2016-08-12 12:01:16
  • Multiple Updates
2016-06-30 21:37:15
  • Multiple Updates
2016-06-28 22:35:02
  • Multiple Updates
2016-04-27 00:13:57
  • Multiple Updates
2015-05-21 13:31:11
  • Multiple Updates
2014-07-18 13:24:27
  • Multiple Updates
2014-06-14 13:37:00
  • Multiple Updates
2014-04-28 13:21:55
  • Multiple Updates
2014-03-18 13:24:08
  • Multiple Updates
2014-03-11 13:21:26
  • Multiple Updates
2014-03-10 17:22:40
  • Multiple Updates
2014-03-07 13:21:28
  • Multiple Updates
2014-03-06 13:24:56
  • Multiple Updates
2014-02-21 13:23:37
  • Multiple Updates
2014-02-20 13:21:20
  • Multiple Updates
2014-02-19 13:21:55
  • Multiple Updates
2014-02-17 11:25:11
  • Multiple Updates
2014-01-28 13:20:41
  • Multiple Updates
2014-01-24 13:19:53
  • Multiple Updates
2014-01-22 13:19:14
  • Multiple Updates
2014-01-19 13:19:24
  • First insertion