CVE-2014-9683

Опубликовано: 17 фев. 2015

Источник: redhat

CVSS2: 3.6

EPSS Низкий

Описание

Off-by-one error in the ecryptfs_decode_from_filename function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux kernel before 3.18.2 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted filename.

A buffer overflow flaw was found in the way the Linux kernel's eCryptfs implementation decoded encrypted file names. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system.

Отчет

This issue did not affect versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5 and 7; and kernel-rt packages as shipped with Red Hat Enterprise MRG 2 and Red Hat Enterprise Linux 7.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	kernel	Not affected
Red Hat Enterprise Linux 7	kernel	Not affected
Red Hat Enterprise Linux 7	kernel-rt	Not affected
Red Hat Enterprise MRG 2	realtime-kernel	Not affected
Red Hat Enterprise Linux 6	kernel	Fixed	RHSA-2015:1272	20.07.2015

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-119

https://bugzilla.redhat.com/show_bug.cgi?id=1193830kernel: buffer overflow in eCryptfs

EPSS

Процентиль: 19%

0.00061

Низкий

3.6 Low

CVSS2

Связанные уязвимости

CVE-2014-9683

ubuntu

больше 10 лет назад

CVE-2014-9683

nvd

больше 10 лет назад

CVE-2014-9683

debian

больше 10 лет назад

Off-by-one error in the ecryptfs_decode_from_filename function in fs/e ...

GHSA-9w96-6pfj-xgrv

github

около 3 лет назад

ELSA-2015-3053

oracle-oval

почти 10 лет назад

ELSA-2015-3053: Unbreakable Enterprise kernel security update (MODERATE)

EPSS

Процентиль: 19%

0.00061

Низкий

3.6 Low

CVSS2