Vulnerability   
Search   
    Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.4.2014.0667.1
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2014:0667-1)
Summary:The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2014:0667-1 advisory.
Description:Summary:
The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2014:0667-1 advisory.

Vulnerability Insight:
The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to fix the following severe security issues:

*

CVE-2014-1737: The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device. (bnc#875798)

*

CVE-2014-1738: The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a
/dev/fd device. (bnc#875798)

*

CVE-2014-0196: The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the 'LECHO & !OPOST' case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings. (bnc#875690)

Security Issues references:

* CVE-2014-0196
* CVE-2014-1737
* CVE-2014-1738

Affected Software/OS:
'Linux Kernel' package(s) on SUSE Linux Enterprise Server 11 SP3, SUSE Linux Enterprise High Availability Extension 11 SP3, SUSE Linux Enterprise Desktop 11 SP3, SLE 11

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2014-0196
Debian Security Information: DSA-2926 (Google Search)
http://www.debian.org/security/2014/dsa-2926
Debian Security Information: DSA-2928 (Google Search)
http://www.debian.org/security/2014/dsa-2928
http://www.exploit-db.com/exploits/33516
http://pastebin.com/raw.php?i=yTSFUBgZ
http://www.openwall.com/lists/oss-security/2014/05/05/6
http://www.osvdb.org/106646
RedHat Security Advisories: RHSA-2014:0512
http://rhn.redhat.com/errata/RHSA-2014-0512.html
http://secunia.com/advisories/59218
http://secunia.com/advisories/59262
http://secunia.com/advisories/59599
SuSE Security Announcement: SUSE-SU-2014:0667 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html
SuSE Security Announcement: SUSE-SU-2014:0683 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html
http://www.ubuntu.com/usn/USN-2196-1
http://www.ubuntu.com/usn/USN-2197-1
http://www.ubuntu.com/usn/USN-2198-1
http://www.ubuntu.com/usn/USN-2199-1
http://www.ubuntu.com/usn/USN-2200-1
http://www.ubuntu.com/usn/USN-2201-1
http://www.ubuntu.com/usn/USN-2202-1
http://www.ubuntu.com/usn/USN-2203-1
http://www.ubuntu.com/usn/USN-2204-1
Common Vulnerability Exposure (CVE) ID: CVE-2014-1737
BugTraq ID: 67300
http://www.securityfocus.com/bid/67300
http://www.openwall.com/lists/oss-security/2014/05/09/2
RedHat Security Advisories: RHSA-2014:0800
http://rhn.redhat.com/errata/RHSA-2014-0800.html
RedHat Security Advisories: RHSA-2014:0801
http://rhn.redhat.com/errata/RHSA-2014-0801.html
http://www.securitytracker.com/id/1030474
http://secunia.com/advisories/59309
http://secunia.com/advisories/59406
Common Vulnerability Exposure (CVE) ID: CVE-2014-1738
BugTraq ID: 67302
http://www.securityfocus.com/bid/67302
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.