ID

VAR-201405-0243


CVE

CVE-2014-0196


TITLE

Linux kernel n_tty_write 'function competition condition vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-201405-092

DESCRIPTION

The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings. The Linux kernel is prone to a memory-corruption vulnerability. Local attackers can exploit this issue to execute arbitrary code in contexts of the application or corrupt the kernel memory. Failed exploit attempts can result in a denial-of-service condition. Linux kernel 3.0 through versions 3.14.3 are vulnerable. This BID is being retired as a duplicate of BID 67199. The NFSv4 implementation is one of the distributed file system protocols. The vulnerability is caused by the program not properly managing the access rights of the tty driver. CVE-2014-2851 Incorrect reference counting in the ping_init_sock() function allows denial of service or privilege escalation. CVE-2014-3122 Incorrect locking of memory can result in local denial of service. For the stable distribution (wheezy), these problems have been fixed in version 3.2.57-3+deb7u1. This update also fixes a regression in the isci driver and suspend problems with certain AMD CPUs (introduced in the updated kernel from the Wheezy 7.5 point release). For the unstable distribution (sid), these problems will be fixed soon. ============================================================================ Ubuntu Security Notice USN-2227-1 May 27, 2014 linux-ti-omap4 vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 LTS Summary: Several security issues were fixed in the kernel. (CVE-2014-0196) Matthew Daley reported an information leak in the floppy disk driver of the Linux kernel. (CVE-2014-1738) Matthew Daley reported a flaw in the handling of ioctl commands by the floppy disk driver in the Linux kernel. (CVE-2014-1737) A flaw was discovered in the Linux kernel's IPC reference counting. (CVE-2013-4483) Al Viro discovered an error in how CIFS in the Linux kernel handles uncached write operations. (CVE-2014-0069) A flaw was discovered in the handling of network packets when mergeable buffers are disabled for virtual machines in the Linux kernel. Guest OS users may exploit this flaw to cause a denial of service (host OS crash) or possibly gain privilege on the host OS. (CVE-2014-0077) A flaw was discovered in the Linux kernel's handling of the SCTP handshake. A remote attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2014-0101) A flaw was discovered in the handling of routing information in Linux kernel's IPv6 stack. A remote attacker could exploit this flaw to cause a denial of service (memory consumption) via a flood of ICMPv6 router advertisement packets. (CVE-2014-2309) An error was discovered in the Linux kernel's DCCP protocol support. (CVE-2014-2523) Max Sydorenko discovered a race condition in the Atheros 9k wireless driver in the Linux kernel. This race could be exploited by remote attackers to cause a denial of service (system crash). (CVE-2014-2672) An error was discovered in the Reliable Datagram Sockets (RDS) protocol stack in the Linux kernel. (CVE-2014-2678) Yaara Rozenblum discovered a race condition in the Linux kernel's Generic IEEE 802.11 Networking Stack (mac80211). Remote attackers could exploit this flaw to cause a denial of service (system crash). (CVE-2014-2706) A flaw was discovered in the Linux kernel's ping sockets. (CVE-2014-2851) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 LTS: linux-image-3.2.0-1446-omap4 3.2.0-1446.65 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-server, linux-powerpc), a standard system upgrade will automatically perform this as well. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2014:124 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : kernel Date : June 13, 2014 Affected: Business Server 1.0 _______________________________________________________________________ Problem Description: Multiple vulnerabilities has been found and corrected in the Linux kernel: kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a large value of a syscall number (CVE-2014-3917). The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification (CVE-2014-3153). NOTE: the affected code was moved to the __skb_get_nlattr and __skb_get_nlattr_nest functions before the vulnerability was announced (CVE-2014-3144). NOTE: the affected code was moved to the __skb_get_nlattr_nest function before the vulnerability was announced (CVE-2014-3145). Multiple array index errors in drivers/hid/hid-multitouch.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_MULTITOUCH is enabled, allow physically proximate attackers to cause a denial of service (heap memory corruption, or NULL pointer dereference and OOPS) via a crafted device (CVE-2013-2897). The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an SCTP handshake with a modified INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk (CVE-2014-0101). The updated packages provides a solution for these security issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2137 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2897 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0069 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0077 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0101 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0196 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1737 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1874 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2039 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2309 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2523 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2672 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2678 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2706 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2851 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3144 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3145 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3153 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3917 _______________________________________________________________________ Updated Packages: Mandriva Business Server 1/X86_64: d4a1665d801553272f379aa8190d7208 mbs1/x86_64/cpupower-3.4.93-1.1.mbs1.x86_64.rpm dac586e9467ccffcb0f03d7d6902c714 mbs1/x86_64/kernel-firmware-3.4.93-1.1.mbs1.noarch.rpm d67bdbd6148b7e7f187244fc2fb17629 mbs1/x86_64/kernel-headers-3.4.93-1.1.mbs1.src.rpm 6f011d528d57e6bfe3f348e124cc11d5 mbs1/x86_64/kernel-headers-3.4.93-1.1.mbs1.x86_64.rpm 6d7935addb463a2dc0cec144390f0786 mbs1/x86_64/kernel-server-3.4.93-1.1.mbs1.x86_64.rpm c013f3a9ae5f48694d91bfac81169c67 mbs1/x86_64/kernel-server-devel-3.4.93-1.1.mbs1.x86_64.rpm 87c7893b5fdfed6d766cac365e78f213 mbs1/x86_64/kernel-source-3.4.93-1.mbs1.noarch.rpm 298e025c2b05845d67efc4566db3d152 mbs1/x86_64/lib64cpupower0-3.4.93-1.1.mbs1.x86_64.rpm 45e43387ed27d1281fe5b15304f796f6 mbs1/x86_64/lib64cpupower-devel-3.4.93-1.1.mbs1.x86_64.rpm 3a74f07a429ea1b403d676f73b7ecbf9 mbs1/x86_64/perf-3.4.93-1.1.mbs1.x86_64.rpm bd6bd37cd3ff3b6844b04821d6da2779 mbs1/SRPMS/cpupower-3.4.93-1.1.mbs1.src.rpm 88c98d0723446a0717159574e06d9e3b mbs1/SRPMS/kernel-firmware-3.4.93-1.1.mbs1.src.rpm 7a84b2886c92e812943c76b2faafd068 mbs1/SRPMS/kernel-server-3.4.93-1.1.mbs1.src.rpm 7a431cec5f9862815f4d92f2ca1f8d9d mbs1/SRPMS/kernel-source-3.4.93-1.mbs1.src.rpm 65654157eb504295dbd05676ed40c968 mbs1/SRPMS/perf-3.4.93-1.1.mbs1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFTmvH3mqjQ0CJFipgRAjgaAKDtCfvK/cukQMyPkhdgllxaobQHFQCdHoJo g42VcK2YoEgcX9BPP3/zfWg= =4uZg -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security update Advisory ID: RHSA-2014:0678-02 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0678.html Issue date: 2014-06-10 CVE Names: CVE-2014-0196 ===================================================================== 1. Summary: Updated kernel packages that fix one security issue are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64 3. * A race condition flaw, leading to heap-based buffer overflows, was found in the way the Linux kernel's N_TTY line discipline (LDISC) implementation handled concurrent processing of echo output and TTY write operations originating from user space when the underlying TTY driver was PTY. An unprivileged, local user could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-0196, Important) All kernel users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The system must be rebooted for this update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system. 5. Bugs fixed (https://bugzilla.redhat.com/): 1094232 - CVE-2014-0196 kernel: pty layer race condition leading to memory corruption 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: kernel-3.10.0-123.1.2.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-123.1.2.el7.noarch.rpm x86_64: kernel-3.10.0-123.1.2.el7.x86_64.rpm kernel-debug-3.10.0-123.1.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-123.1.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-123.1.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-123.1.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-123.1.2.el7.x86_64.rpm kernel-devel-3.10.0-123.1.2.el7.x86_64.rpm kernel-headers-3.10.0-123.1.2.el7.x86_64.rpm kernel-tools-3.10.0-123.1.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-123.1.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-123.1.2.el7.x86_64.rpm perf-3.10.0-123.1.2.el7.x86_64.rpm perf-debuginfo-3.10.0-123.1.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-123.1.2.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): noarch: kernel-doc-3.10.0-123.1.2.el7.noarch.rpm x86_64: kernel-debug-debuginfo-3.10.0-123.1.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-123.1.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-123.1.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-123.1.2.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-123.1.2.el7.x86_64.rpm perf-debuginfo-3.10.0-123.1.2.el7.x86_64.rpm python-perf-3.10.0-123.1.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-123.1.2.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: kernel-3.10.0-123.1.2.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-123.1.2.el7.noarch.rpm x86_64: kernel-3.10.0-123.1.2.el7.x86_64.rpm kernel-debug-3.10.0-123.1.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-123.1.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-123.1.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-123.1.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-123.1.2.el7.x86_64.rpm kernel-devel-3.10.0-123.1.2.el7.x86_64.rpm kernel-headers-3.10.0-123.1.2.el7.x86_64.rpm kernel-tools-3.10.0-123.1.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-123.1.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-123.1.2.el7.x86_64.rpm perf-3.10.0-123.1.2.el7.x86_64.rpm perf-debuginfo-3.10.0-123.1.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-123.1.2.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): noarch: kernel-doc-3.10.0-123.1.2.el7.noarch.rpm x86_64: kernel-debug-debuginfo-3.10.0-123.1.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-123.1.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-123.1.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-123.1.2.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-123.1.2.el7.x86_64.rpm perf-debuginfo-3.10.0-123.1.2.el7.x86_64.rpm python-perf-3.10.0-123.1.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-123.1.2.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: kernel-3.10.0-123.1.2.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-123.1.2.el7.noarch.rpm ppc64: kernel-3.10.0-123.1.2.el7.ppc64.rpm kernel-bootwrapper-3.10.0-123.1.2.el7.ppc64.rpm kernel-debug-3.10.0-123.1.2.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-123.1.2.el7.ppc64.rpm kernel-debug-devel-3.10.0-123.1.2.el7.ppc64.rpm kernel-debuginfo-3.10.0-123.1.2.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-123.1.2.el7.ppc64.rpm kernel-devel-3.10.0-123.1.2.el7.ppc64.rpm kernel-headers-3.10.0-123.1.2.el7.ppc64.rpm kernel-tools-3.10.0-123.1.2.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-123.1.2.el7.ppc64.rpm kernel-tools-libs-3.10.0-123.1.2.el7.ppc64.rpm perf-3.10.0-123.1.2.el7.ppc64.rpm perf-debuginfo-3.10.0-123.1.2.el7.ppc64.rpm python-perf-debuginfo-3.10.0-123.1.2.el7.ppc64.rpm s390x: kernel-3.10.0-123.1.2.el7.s390x.rpm kernel-debug-3.10.0-123.1.2.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-123.1.2.el7.s390x.rpm kernel-debug-devel-3.10.0-123.1.2.el7.s390x.rpm kernel-debuginfo-3.10.0-123.1.2.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-123.1.2.el7.s390x.rpm kernel-devel-3.10.0-123.1.2.el7.s390x.rpm kernel-headers-3.10.0-123.1.2.el7.s390x.rpm kernel-kdump-3.10.0-123.1.2.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-123.1.2.el7.s390x.rpm kernel-kdump-devel-3.10.0-123.1.2.el7.s390x.rpm perf-3.10.0-123.1.2.el7.s390x.rpm perf-debuginfo-3.10.0-123.1.2.el7.s390x.rpm python-perf-debuginfo-3.10.0-123.1.2.el7.s390x.rpm x86_64: kernel-3.10.0-123.1.2.el7.x86_64.rpm kernel-debug-3.10.0-123.1.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-123.1.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-123.1.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-123.1.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-123.1.2.el7.x86_64.rpm kernel-devel-3.10.0-123.1.2.el7.x86_64.rpm kernel-headers-3.10.0-123.1.2.el7.x86_64.rpm kernel-tools-3.10.0-123.1.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-123.1.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-123.1.2.el7.x86_64.rpm perf-3.10.0-123.1.2.el7.x86_64.rpm perf-debuginfo-3.10.0-123.1.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-123.1.2.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): noarch: kernel-doc-3.10.0-123.1.2.el7.noarch.rpm ppc64: kernel-debug-debuginfo-3.10.0-123.1.2.el7.ppc64.rpm kernel-debuginfo-3.10.0-123.1.2.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-123.1.2.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-123.1.2.el7.ppc64.rpm kernel-tools-libs-devel-3.10.0-123.1.2.el7.ppc64.rpm perf-debuginfo-3.10.0-123.1.2.el7.ppc64.rpm python-perf-3.10.0-123.1.2.el7.ppc64.rpm python-perf-debuginfo-3.10.0-123.1.2.el7.ppc64.rpm s390x: kernel-debug-debuginfo-3.10.0-123.1.2.el7.s390x.rpm kernel-debuginfo-3.10.0-123.1.2.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-123.1.2.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-123.1.2.el7.s390x.rpm perf-debuginfo-3.10.0-123.1.2.el7.s390x.rpm python-perf-3.10.0-123.1.2.el7.s390x.rpm python-perf-debuginfo-3.10.0-123.1.2.el7.s390x.rpm x86_64: kernel-debug-debuginfo-3.10.0-123.1.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-123.1.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-123.1.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-123.1.2.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-123.1.2.el7.x86_64.rpm perf-debuginfo-3.10.0-123.1.2.el7.x86_64.rpm python-perf-3.10.0-123.1.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-123.1.2.el7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: kernel-3.10.0-123.1.2.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-123.1.2.el7.noarch.rpm x86_64: kernel-3.10.0-123.1.2.el7.x86_64.rpm kernel-debug-3.10.0-123.1.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-123.1.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-123.1.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-123.1.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-123.1.2.el7.x86_64.rpm kernel-devel-3.10.0-123.1.2.el7.x86_64.rpm kernel-headers-3.10.0-123.1.2.el7.x86_64.rpm kernel-tools-3.10.0-123.1.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-123.1.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-123.1.2.el7.x86_64.rpm perf-3.10.0-123.1.2.el7.x86_64.rpm perf-debuginfo-3.10.0-123.1.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-123.1.2.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): noarch: kernel-doc-3.10.0-123.1.2.el7.noarch.rpm x86_64: kernel-debug-debuginfo-3.10.0-123.1.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-123.1.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-123.1.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-123.1.2.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-123.1.2.el7.x86_64.rpm perf-debuginfo-3.10.0-123.1.2.el7.x86_64.rpm python-perf-3.10.0-123.1.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-123.1.2.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2014-0196.html https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFTl13yXlSAg2UNWIIRAlcRAJ9jfcysxf2wwpamOHxZ1xkvfhfNQACcD3cV COm6ik75/ztcYx+xwi0ACr8= =YLol -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 1.98

sources: NVD: CVE-2014-0196 // BID: 67282 // VULHUB: VHN-67689 // VULMON: CVE-2014-0196 // PACKETSTORM: 126578 // PACKETSTORM: 126506 // PACKETSTORM: 126800 // PACKETSTORM: 126509 // PACKETSTORM: 126510 // PACKETSTORM: 127099 // PACKETSTORM: 127035

AFFECTED PRODUCTS

vendor:f5model:big-iq securityscope:lteversion:4.5.0

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:12.10

Trust: 1.0

vendor:f5model:big-ip link controllerscope:gteversion:11.1.0

Trust: 1.0

vendor:f5model:big-ip policy enforcement managerscope:gteversion:11.3.0

Trust: 1.0

vendor:f5model:enterprise managerscope:eqversion:3.1.0

Trust: 1.0

vendor:f5model:big-ip webacceleratorscope:gteversion:11.1.0

Trust: 1.0

vendor:f5model:big-ip analyticsscope:gteversion:11.1.0

Trust: 1.0

vendor:f5model:big-iq devicescope:lteversion:4.5.0

Trust: 1.0

vendor:f5model:big-ip application security managerscope:gteversion:11.1.0

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:3.13

Trust: 1.0

vendor:oraclemodel:linuxscope:eqversion:6

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:13.10

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:12.04

Trust: 1.0

vendor:redhatmodel:enterprise linux eusscope:eqversion:6.4

Trust: 1.0

vendor:linuxmodel:kernelscope:gtversion:2.6.31

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:6.0

Trust: 1.0

vendor:f5model:big-iq cloudscope:gteversion:4.0.0

Trust: 1.0

vendor:redhatmodel:enterprise linuxscope:eqversion:6.0

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:14.04

Trust: 1.0

vendor:f5model:big-ip global traffic managerscope:lteversion:11.5.1

Trust: 1.0

vendor:f5model:enterprise managerscope:eqversion:3.1.1

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:7.0

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:lteversion:11.5.1

Trust: 1.0

vendor:f5model:big-ip policy enforcement managerscope:lteversion:11.5.1

Trust: 1.0

vendor:f5model:big-ip webacceleratorscope:lteversion:11.3.0

Trust: 1.0

vendor:f5model:big-iq devicescope:gteversion:4.2.0

Trust: 1.0

vendor:f5model:big-iq securityscope:gteversion:4.0.0

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:gteversion:11.1.0

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:3.11

Trust: 1.0

vendor:f5model:big-ip advanced firewall managerscope:gteversion:11.3.0

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:3.14.4

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:3.3

Trust: 1.0

vendor:f5model:big-ip application acceleration managerscope:lteversion:11.5.1

Trust: 1.0

vendor:f5model:big-ip wan optimization managerscope:gteversion:11.1.0

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:3.10.40

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:3.5

Trust: 1.0

vendor:f5model:big-ip protocol security modulescope:lteversion:11.4.1

Trust: 1.0

vendor:susemodel:linux enterprise high availability extensionscope:eqversion:11

Trust: 1.0

vendor:f5model:big-ip protocol security modulescope:gteversion:11.1.0

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:3.12.20

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:3.2.59

Trust: 1.0

vendor:f5model:big-ip global traffic managerscope:gteversion:11.1.0

Trust: 1.0

vendor:f5model:big-iq cloudscope:lteversion:4.5.0

Trust: 1.0

vendor:f5model:big-ip advanced firewall managerscope:lteversion:11.5.1

Trust: 1.0

vendor:f5model:big-ip edge gatewayscope:gteversion:11.1.0

Trust: 1.0

vendor:f5model:big-ip link controllerscope:lteversion:11.5.1

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:10.04

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:gteversion:11.1.0

Trust: 1.0

vendor:linuxmodel:kernelscope:eqversion:2.6.31

Trust: 1.0

vendor:susemodel:linux enterprise desktopscope:eqversion:11

Trust: 1.0

vendor:redhatmodel:enterprise linux eusscope:eqversion:6.3

Trust: 1.0

vendor:f5model:big-ip analyticsscope:lteversion:11.5.1

Trust: 1.0

vendor:f5model:big-ip application security managerscope:lteversion:11.5.1

Trust: 1.0

vendor:f5model:big-ip wan optimization managerscope:lteversion:11.3.0

Trust: 1.0

vendor:f5model:big-iq application delivery controllerscope:eqversion:4.5.0

Trust: 1.0

vendor:f5model:big-iq centralized managementscope:eqversion:4.6.0

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:3.4.91

Trust: 1.0

vendor:f5model:big-iq cloud and orchestrationscope:eqversion:1.0.0

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:lteversion:11.5.1

Trust: 1.0

vendor:susemodel:linux enterprise serverscope:eqversion:11

Trust: 1.0

vendor:f5model:big-ip application acceleration managerscope:gteversion:11.4.0

Trust: 1.0

vendor:redhatmodel:enterprise linux server eusscope:eqversion:6.3

Trust: 1.0

vendor:f5model:big-ip edge gatewayscope:lteversion:11.3.0

Trust: 1.0

vendor:linuxmodel:kernelscope:eqversion:3.0.55

Trust: 0.6

vendor:linuxmodel:kernelscope:eqversion:3.2.7

Trust: 0.6

vendor:linuxmodel:kernelscope:eqversion:3.0.56

Trust: 0.6

vendor:linuxmodel:kernelscope:eqversion:3.0.61

Trust: 0.6

vendor:linuxmodel:kernelscope:eqversion:3.0.64

Trust: 0.6

vendor:linuxmodel:kernelscope:eqversion:3.0.60

Trust: 0.6

vendor:linuxmodel:kernelscope:eqversion:3.0.62

Trust: 0.6

vendor:linuxmodel:kernelscope:eqversion:3.0.63

Trust: 0.6

vendor:linuxmodel:kernelscope:eqversion:3.0.53

Trust: 0.6

vendor:linuxmodel:kernelscope:eqversion:3.0.54

Trust: 0.6

vendor:linuxmodel:kernelscope:eqversion:3.3.5

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:3.3.4

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:3.3.2

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:3.2.13

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:3.2.9

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:3.2.1

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:3.1.8

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:3.0.5

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:3.0.4

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:3.0.2

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:3.0.1

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:3.2.2

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:3.0.18

Trust: 0.3

vendor:linuxmodel:kernel 3.0-rc1scope: - version: -

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:3.0

Trust: 0.3

vendor:debianmodel:linux sparcscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux s/390scope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux powerpcscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux mipsscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux ia-64scope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux ia-32scope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux armscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux amd64scope:eqversion:6.0

Trust: 0.3

sources: BID: 67282 // CNNVD: CNNVD-201405-092 // NVD: CVE-2014-0196

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-0196
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-201405-092
value: MEDIUM

Trust: 0.6

VULHUB: VHN-67689
value: MEDIUM

Trust: 0.1

VULMON: CVE-2014-0196
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-0196
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-67689
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-67689 // VULMON: CVE-2014-0196 // CNNVD: CNNVD-201405-092 // NVD: CVE-2014-0196

PROBLEMTYPE DATA

problemtype:CWE-362

Trust: 1.1

sources: VULHUB: VHN-67689 // NVD: CVE-2014-0196

THREAT TYPE

local

Trust: 1.1

sources: BID: 67282 // PACKETSTORM: 126800 // PACKETSTORM: 127035 // CNNVD: CNNVD-201405-092

TYPE

competition condition problem

Trust: 0.6

sources: CNNVD: CNNVD-201405-092

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-67689 // VULMON: CVE-2014-0196

PATCH

title:linux-3.14.4url:http://123.124.177.30/web/xxk/bdxqById.tag?id=49773

Trust: 0.6

title:linux-3.14.4url:http://123.124.177.30/web/xxk/bdxqById.tag?id=49772

Trust: 0.6

title:Ubuntu Security Notice: linux vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-2204-1

Trust: 0.1

title:Ubuntu Security Notice: linux vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-2203-1

Trust: 0.1

title:Ubuntu Security Notice: linux-lts-quantal vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-2199-1

Trust: 0.1

title:Ubuntu Security Notice: linux-ec2 vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-2197-1

Trust: 0.1

title:Ubuntu Security Notice: linux vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-2196-1

Trust: 0.1

title:Ubuntu Security Notice: linux vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-2198-1

Trust: 0.1

title:Ubuntu Security Notice: linux vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-2202-1

Trust: 0.1

title:Ubuntu Security Notice: linux-lts-saucy vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-2201-1

Trust: 0.1

title:Ubuntu Security Notice: linux-lts-raring vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-2200-1

Trust: 0.1

title:Red Hat: CVE-2014-0196url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2014-0196

Trust: 0.1

title:Amazon Linux AMI: ALAS-2014-339url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2014-339

Trust: 0.1

title:Amazon Linux AMI: ALAS-2014-392url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2014-392

Trust: 0.1

title:Debian CVElist Bug Report Logs: CVE-2014-3122: try_to_unmap_cluster() should lock_page() before mlockingurl:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=e518c00ae2addd2c6e5ede8febf60365

Trust: 0.1

title:Debian CVElist Bug Report Logs: CVE-2014-0196: pty layer race condition memory corruptionurl:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=47961f3c5321e4c0c1841969631cdf51

Trust: 0.1

title:Ubuntu Security Notice: linux-lts-trusty vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-2260-1

Trust: 0.1

title:Ubuntu Security Notice: linux-ti-omap4 vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-2227-1

Trust: 0.1

title:https://github.com/SunRain/CVE-2014-0196url:https://github.com/SunRain/CVE-2014-0196

Trust: 0.1

title:kernel Exploitationurl:https://github.com/ex4722/kernel_exploitation

Trust: 0.1

title:CVE-2014-0196url:https://github.com/tempbottle/CVE-2014-0196

Trust: 0.1

title:Exploitsurl:https://github.com/ycdxsb/Exploits

Trust: 0.1

title:Exploitsurl:https://github.com/ycdxsb/CVEs

Trust: 0.1

title:Exploit Development: Case Studies Windows Unix-likeurl:https://github.com/dyjakan/exploit-development-case-studies

Trust: 0.1

title:kernelpop run modesurl:https://github.com/ferovap/Tools

Trust: 0.1

title:kernelpop usageurl:https://github.com/spencerdodd/kernelpop

Trust: 0.1

title:https://github.com/20142995/pocsuiteurl:https://github.com/20142995/pocsuite

Trust: 0.1

title:linux-kernel-exploitsurl:https://github.com/p00h00/linux-exploits

Trust: 0.1

title:Localroot Exploiturl:https://github.com/anoaghost/Localroot_Compile

Trust: 0.1

title:Android kernel exploiturl:https://github.com/tangsilian/android-vuln

Trust: 0.1

title:linux-kernel-exploitsurl:https://github.com/Shadowshusky/linux-kernel-exploits

Trust: 0.1

title:linux-kernel-exploitsurl:https://github.com/Feng4/linux-kernel-exploits

Trust: 0.1

title:linux-kernel-exploitsurl:https://github.com/coffee727/linux-exp

Trust: 0.1

title:linux-kernel-exploitsurl:https://github.com/copperfieldd/linux-kernel-exploits

Trust: 0.1

title:linux-kernel-exploitsurl:https://github.com/m0mkris/linux-kernel-exploits

Trust: 0.1

title:linux-kernel-exploitsurl:https://github.com/C0dak/linux-kernel-exploits

Trust: 0.1

title:linux-kernel-exploitsurl:https://github.com/password520/linux-kernel-exploits

Trust: 0.1

title:linux-kernel-exploitsurl:https://github.com/xssfile/linux-kernel-exploits

Trust: 0.1

title:linux-kernel-exploitsurl:https://github.com/qiantu88/Linux--exp

Trust: 0.1

title:Linux-Kernel-Exploiturl:https://github.com/ozkanbilge/Linux-Kernel-Exploits

Trust: 0.1

title:linux-kernel-exploitsurl:https://github.com/s0wr0b1ndef/Linux-Kernal-Exploits-m-

Trust: 0.1

title:linux-kernel-exploitsurl:https://github.com/zyjsuper/linux-kernel-exploits

Trust: 0.1

title:linux-kernel-exploitsurl:https://github.com/albinjoshy03/linux-kernel-exploits

Trust: 0.1

title:linux-kernel-exploitsurl:https://github.com/kumardineshwar/linux-kernel-exploits

Trust: 0.1

title:linux-kernel-exploitsurl:https://github.com/Straight-wood/linux-kernel-exploits

Trust: 0.1

title:linux-kernel-exploitsurl:https://github.com/SecWiki/linux-kernel-exploits

Trust: 0.1

title:linux-kernel-exploitsurl:https://github.com/yige666/linux-kernel-exploits

Trust: 0.1

title:linux-kernel-exploitsurl:https://github.com/QChiLan/linux-exp

Trust: 0.1

title:linux-kernel-exploitsurl:https://github.com/xfinest/linux-kernel-exploits

Trust: 0.1

title:linux-kernel-exploitsurl:https://github.com/alian87/linux-kernel-exploits

Trust: 0.1

title:linux-kernel-exploitsurl:https://github.com/Micr067/linux-kernel-exploits

Trust: 0.1

title:https://github.com/fei9747/LinuxEelvationurl:https://github.com/fei9747/LinuxEelvation

Trust: 0.1

title:linux-kernel-exploitsurl:https://github.com/De4dCr0w/Linux-kernel-EoP-exp

Trust: 0.1

title:Linux-Kernel-exploiturl:https://github.com/skbasava/Linux-Kernel-exploit

Trust: 0.1

title:Linux Kernel Exploitationurl:https://github.com/Technoashofficial/kernel-exploitation-linux

Trust: 0.1

title:Linux Kernel Exploitationurl:https://github.com/s0wr0b1ndef/linux-kernel-exploitation

Trust: 0.1

title:https://github.com/Al1ex/LinuxEelvationurl:https://github.com/Al1ex/LinuxEelvation

Trust: 0.1

title:Localroot Collection ✨url:https://github.com/Snoopy-Sec/Localroot-ALL-CVE

Trust: 0.1

title:Linux Privilege Escalation Exploitsurl:https://github.com/JlSakuya/Linux-Privilege-Escalation-Exploits

Trust: 0.1

title:所有收集类项目 Android 目录 资源收集 知名分析工具 各类App Topic 其他 工具 文章 贡献url:https://github.com/alphaSeclab/android-security

Trust: 0.1

title:Linux Kernel Exploitationurl:https://github.com/TamilHackz/linux-kernel-exploitation

Trust: 0.1

title:Linux Kernel Exploitationurl:https://github.com/khanhdz191/linux-kernel-exploitation

Trust: 0.1

title:Contentsurl:https://github.com/hktalent/bug-bounty

Trust: 0.1

title:Linux Kernel Exploitationurl:https://github.com/xairy/linux-kernel-exploitation

Trust: 0.1

title:Known Exploited Vulnerabilities Detectorurl:https://github.com/Ostorlab/KEV

Trust: 0.1

title:Securelisturl:https://securelist.com/elasticsearch-vuln-abuse-on-amazon-cloud-and-more-for-ddos-and-profit/65192/

Trust: 0.1

title:The Registerurl:https://www.theregister.co.uk/2014/07/25/how_long_is_too_long_to_wait_for_a_security_update/

Trust: 0.1

title:The Registerurl:https://www.theregister.co.uk/2014/05/14/linux_distos_get_patching_on_terminal_bug/

Trust: 0.1

sources: VULMON: CVE-2014-0196 // CNNVD: CNNVD-201405-092

EXTERNAL IDS

db:NVDid:CVE-2014-0196

Trust: 2.8

db:OSVDBid:106646

Trust: 1.8

db:SECUNIAid:59218

Trust: 1.8

db:SECUNIAid:59262

Trust: 1.8

db:SECUNIAid:59599

Trust: 1.8

db:EXPLOIT-DBid:33516

Trust: 1.8

db:OPENWALLid:OSS-SECURITY/2014/05/05/6

Trust: 1.8

db:CNNVDid:CNNVD-201405-092

Trust: 0.7

db:BIDid:67282

Trust: 0.3

db:PACKETSTORMid:126509

Trust: 0.2

db:PACKETSTORMid:126510

Trust: 0.2

db:PACKETSTORMid:127035

Trust: 0.2

db:PACKETSTORMid:126506

Trust: 0.2

db:PACKETSTORMid:126578

Trust: 0.2

db:PACKETSTORMid:126512

Trust: 0.1

db:PACKETSTORMid:126508

Trust: 0.1

db:PACKETSTORMid:126603

Trust: 0.1

db:PACKETSTORMid:126511

Trust: 0.1

db:PACKETSTORMid:126712

Trust: 0.1

db:PACKETSTORMid:126503

Trust: 0.1

db:PACKETSTORMid:126624

Trust: 0.1

db:PACKETSTORMid:126500

Trust: 0.1

db:PACKETSTORMid:126507

Trust: 0.1

db:SEEBUGid:SSVID-86729

Trust: 0.1

db:VULHUBid:VHN-67689

Trust: 0.1

db:VULMONid:CVE-2014-0196

Trust: 0.1

db:PACKETSTORMid:126800

Trust: 0.1

db:PACKETSTORMid:127099

Trust: 0.1

sources: VULHUB: VHN-67689 // VULMON: CVE-2014-0196 // BID: 67282 // PACKETSTORM: 126578 // PACKETSTORM: 126506 // PACKETSTORM: 126800 // PACKETSTORM: 126509 // PACKETSTORM: 126510 // PACKETSTORM: 127099 // PACKETSTORM: 127035 // CNNVD: CNNVD-201405-092 // NVD: CVE-2014-0196

REFERENCES

url:https://bugzilla.redhat.com/show_bug.cgi?id=1094232

Trust: 2.1

url:http://www.ubuntu.com/usn/usn-2196-1

Trust: 1.9

url:http://www.ubuntu.com/usn/usn-2201-1

Trust: 1.9

url:http://www.ubuntu.com/usn/usn-2202-1

Trust: 1.9

url:http://www.osvdb.org/106646

Trust: 1.8

url:http://www.exploit-db.com/exploits/33516

Trust: 1.8

url:http://secunia.com/advisories/59218

Trust: 1.8

url:http://secunia.com/advisories/59262

Trust: 1.8

url:http://secunia.com/advisories/59599

Trust: 1.8

url:http://www.debian.org/security/2014/dsa-2926

Trust: 1.8

url:http://www.debian.org/security/2014/dsa-2928

Trust: 1.8

url:http://rhn.redhat.com/errata/rhsa-2014-0512.html

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html

Trust: 1.8

url:http://www.ubuntu.com/usn/usn-2197-1

Trust: 1.8

url:http://www.ubuntu.com/usn/usn-2198-1

Trust: 1.8

url:http://www.ubuntu.com/usn/usn-2199-1

Trust: 1.8

url:http://www.ubuntu.com/usn/usn-2200-1

Trust: 1.8

url:http://www.ubuntu.com/usn/usn-2203-1

Trust: 1.8

url:http://www.ubuntu.com/usn/usn-2204-1

Trust: 1.8

url:http://www.openwall.com/lists/oss-security/2014/05/05/6

Trust: 1.8

url:http://bugzilla.novell.com/show_bug.cgi?id=875690

Trust: 1.8

url:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3ba=commit%3bh=4291086b1f081b869c6d79e5b7441633dc3ace00

Trust: 1.8

url:http://linux.oracle.com/errata/elsa-2014-0771.html

Trust: 1.8

url:http://pastebin.com/raw.php?i=ytsfubgz

Trust: 1.8

url:http://source.android.com/security/bulletin/2016-07-01.html

Trust: 1.8

url:http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15319.html

Trust: 1.8

url:https://github.com/torvalds/linux/commit/4291086b1f081b869c6d79e5b7441633dc3ace00

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2014-0196

Trust: 0.7

url:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4291086b1f081b869c6d79e5b7441633dc3ace00

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2014-0196

Trust: 0.4

url:http://www.kernel.org/

Trust: 0.3

url:http://linux.oracle.com/errata/elsa-2014-3034.html

Trust: 0.3

url:http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4291086b1f081b869c6d79e5b7441633dc3ace00

Trust: 0.3

url:http://bugzillafiles.novell.org/attachment.cgi?id=588355

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2014-2851

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2014-1738

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2014-1737

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2014-2706

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2014-0069

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2014-0101

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2014-2309

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2014-2678

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2014-2672

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2014-2523

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2014-0077

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/362.html

Trust: 0.1

url:https://www.exploit-db.com/exploits/33516/

Trust: 0.1

url:https://github.com/sunrain/cve-2014-0196

Trust: 0.1

url:https://github.com/tempbottle/cve-2014-0196

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://usn.ubuntu.com/2204-1/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3122

Trust: 0.1

url:http://www.debian.org/security/faq

Trust: 0.1

url:http://www.debian.org/security/

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux/2.6.32-58.121

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-ti-omap4/3.2.0-1446.65

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-4483

Trust: 0.1

url:http://www.ubuntu.com/usn/usn-2227-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-lts-saucy/3.11.0-20.35~precise1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux/3.5.0-49.74

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2523

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0101

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0196

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0077

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2137

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2706

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-2137

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3144

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2309

Trust: 0.1

url:http://www.mandriva.com/en/support/security/

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2678

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3144

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3153

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3153

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-2039

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2039

Trust: 0.1

url:http://www.mandriva.com/en/support/security/advisories/

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2672

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3917

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1738

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2897

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1874

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2851

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3917

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3145

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3145

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-2897

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1874

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0069

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1737

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2014-0196.html

Trust: 0.1

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.1

url:https://access.redhat.com/security/team/key/#package

Trust: 0.1

url:https://access.redhat.com/site/articles/11258

Trust: 0.1

url:https://bugzilla.redhat.com/):

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.1

url:https://access.redhat.com/security/team/contact/

Trust: 0.1

url:https://rhn.redhat.com/errata/rhsa-2014-0678.html

Trust: 0.1

sources: VULHUB: VHN-67689 // VULMON: CVE-2014-0196 // BID: 67282 // PACKETSTORM: 126578 // PACKETSTORM: 126506 // PACKETSTORM: 126800 // PACKETSTORM: 126509 // PACKETSTORM: 126510 // PACKETSTORM: 127099 // PACKETSTORM: 127035 // CNNVD: CNNVD-201405-092 // NVD: CVE-2014-0196

CREDITS

Ubuntu

Trust: 0.4

sources: PACKETSTORM: 126506 // PACKETSTORM: 126800 // PACKETSTORM: 126509 // PACKETSTORM: 126510

SOURCES

db:VULHUBid:VHN-67689
db:VULMONid:CVE-2014-0196
db:BIDid:67282
db:PACKETSTORMid:126578
db:PACKETSTORMid:126506
db:PACKETSTORMid:126800
db:PACKETSTORMid:126509
db:PACKETSTORMid:126510
db:PACKETSTORMid:127099
db:PACKETSTORMid:127035
db:CNNVDid:CNNVD-201405-092
db:NVDid:CVE-2014-0196

LAST UPDATE DATE

2024-12-22T22:09:46.388000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-67689date:2023-02-13T00:00:00
db:VULMONid:CVE-2014-0196date:2024-02-09T00:00:00
db:BIDid:67282date:2015-05-07T17:09:00
db:CNNVDid:CNNVD-201405-092date:2023-02-13T00:00:00
db:NVDid:CVE-2014-0196date:2024-12-19T18:45:22.253

SOURCES RELEASE DATE

db:VULHUBid:VHN-67689date:2014-05-07T00:00:00
db:VULMONid:CVE-2014-0196date:2014-05-07T00:00:00
db:BIDid:67282date:2014-04-29T00:00:00
db:PACKETSTORMid:126578date:2014-05-12T18:50:56
db:PACKETSTORMid:126506date:2014-05-06T20:24:11
db:PACKETSTORMid:126800date:2014-05-27T16:02:18
db:PACKETSTORMid:126509date:2014-05-06T20:24:30
db:PACKETSTORMid:126510date:2014-05-06T20:24:36
db:PACKETSTORMid:127099date:2014-06-15T17:22:00
db:PACKETSTORMid:127035date:2014-06-11T00:09:36
db:CNNVDid:CNNVD-201405-092date:2014-05-08T00:00:00
db:NVDid:CVE-2014-0196date:2014-05-07T10:55:04.337