[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96174

 
 

909

 
 

78077

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2014-3917

Date: (C)2014-06-16   (M)2017-05-11
 
CVSS Score: 3.3Access Vector: LOCAL
Exploitability Subscore: 3.4Access Complexity: MEDIUM
Impact Subscore: 4.9Authentication: NONE
 Confidentiality: PARTIAL
 Integrity: NONE
 Availability: PARTIAL











kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a large value of a syscall number.

Reference:
SECUNIA-59777
SECUNIA-60011
SECUNIA-60564
RHSA-2014:1143
RHSA-2014:1281
SUSE-SU-2015:0812
USN-2334-1
USN-2335-1
http://article.gmane.org/gmane.linux.kernel/1713179
http://www.openwall.com/lists/oss-security/2014/05/29/5
https://bugzilla.redhat.com/show_bug.cgi?id=1102571

CPE    17
cpe:/a:redhat:enterprise_mrg:2.0
cpe:/o:redhat:enterprise_linux:5
cpe:/o:redhat:enterprise_linux:6
cpe:/o:linux:linux_kernel:3.14:rc8
...
CWE    1
CWE-200
OVAL    58
oval:org.secpod.oval:def:203408
oval:org.secpod.oval:def:501376
oval:org.secpod.oval:def:702155
oval:org.secpod.oval:def:702154
...
XCCDF    1
CWE-200

© 2013 SecPod Technologies