Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
amazonAmazonALAS-2014-289
HistoryFeb 26, 2014 - 2:26 p.m.

Medium: kernel

2014-02-2614:26:00
alas.aws.amazon.com
28

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS

0

Percentile

10.1%

JSON

Issue Overview:

The pn_recvmsg function in net/phonet/datagram.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.

The security_context_to_sid_core function in security/selinux/ss/services.c in the Linux kernel before 3.13.4 allows local users to cause a denial of service (system crash) by leveraging the CAP_MAC_ADMIN capability to set a zero-length security context.

The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c.

The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory corruption and system crash), or possibly gain privileges via a writev system call with a crafted pointer.

Affected Packages:

kernel

Issue Correction:
Run yum update kernel to update your system. You will need to reboot your system in order for the new kernel to be running.

New Packages:

i686:  
    kernel-tools-3.4.82-69.112.amzn1.i686  
    kernel-tools-debuginfo-3.4.82-69.112.amzn1.i686  
    kernel-3.4.82-69.112.amzn1.i686  
    kernel-headers-3.4.82-69.112.amzn1.i686  
    kernel-debuginfo-common-i686-3.4.82-69.112.amzn1.i686  
    kernel-devel-3.4.82-69.112.amzn1.i686  
    kernel-debuginfo-3.4.82-69.112.amzn1.i686  
  
noarch:  
    kernel-doc-3.4.82-69.112.amzn1.noarch  
  
src:  
    kernel-3.4.82-69.112.amzn1.src  
  
x86_64:  
    kernel-headers-3.4.82-69.112.amzn1.x86_64  
    kernel-3.4.82-69.112.amzn1.x86_64  
    kernel-tools-debuginfo-3.4.82-69.112.amzn1.x86_64  
    kernel-debuginfo-common-x86_64-3.4.82-69.112.amzn1.x86_64  
    kernel-devel-3.4.82-69.112.amzn1.x86_64  
    kernel-debuginfo-3.4.82-69.112.amzn1.x86_64  
    kernel-tools-3.4.82-69.112.amzn1.x86_64

Additional References

Red Hat: CVE-2013-7263, CVE-2013-7265, CVE-2014-0069, CVE-2014-1874

Mitre: CVE-2013-7263, CVE-2013-7265, CVE-2014-0069, CVE-2014-1874

OSVersionArchitecturePackageVersionFilename
Amazon Linux1i686kernel-tools< 3.4.82-69.112.amzn1kernel-tools-3.4.82-69.112.amzn1.i686.rpm
Amazon Linux1i686kernel-tools-debuginfo< 3.4.82-69.112.amzn1kernel-tools-debuginfo-3.4.82-69.112.amzn1.i686.rpm
Amazon Linux1i686kernel< 3.4.82-69.112.amzn1kernel-3.4.82-69.112.amzn1.i686.rpm
Amazon Linux1i686kernel-headers< 3.4.82-69.112.amzn1kernel-headers-3.4.82-69.112.amzn1.i686.rpm
Amazon Linux1i686kernel-debuginfo-common-i686< 3.4.82-69.112.amzn1kernel-debuginfo-common-i686-3.4.82-69.112.amzn1.i686.rpm
Amazon Linux1i686kernel-devel< 3.4.82-69.112.amzn1kernel-devel-3.4.82-69.112.amzn1.i686.rpm
Amazon Linux1i686kernel-debuginfo< 3.4.82-69.112.amzn1kernel-debuginfo-3.4.82-69.112.amzn1.i686.rpm
Amazon Linux1noarchkernel-doc< 3.4.82-69.112.amzn1kernel-doc-3.4.82-69.112.amzn1.noarch.rpm
Amazon Linux1x86_64kernel-headers< 3.4.82-69.112.amzn1kernel-headers-3.4.82-69.112.amzn1.x86_64.rpm
Amazon Linux1x86_64kernel< 3.4.82-69.112.amzn1kernel-3.4.82-69.112.amzn1.x86_64.rpm
Rows per page:
1-10 of 151

Related

openvas 73
nessus 43
redhat 2
veracode 8
oraclelinux 9
suse 6
centos 1
ubuntu 16
prion 5
cve 5
nvd 5
cvelist 4
f5 4
debiancve 4
ubuntucve 4
cbl_mariner 2
securityvulns 3
mageia 2
fedora 2
altlinux 1
openvas
openvas
Amazon Linux: Security Advisory (ALAS-2014-289)
2015-09-08 00:00:00
Oracle: Security Advisory (ELSA-2014-3011)
2015-10-06 00:00:00
Oracle: Security Advisory (ELSA-2014-3010)
2015-10-06 00:00:00
nessus
nessus
Amazon Linux AMI : kernel (ALAS-2014-289)
2014-03-02 00:00:00
Fedora 20 : kernel-3.13.3-201.fc20 (2014-2576)
2014-02-18 00:00:00
Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2014-3011)
2014-02-17 00:00:00
redhat
redhat
(RHSA-2014:0439) Important: kernel-rt security, bug fix, and enhancement update
2014-04-28 00:00:00
(RHSA-2014:0159) Important: kernel security and bug fix update
2014-02-11 00:00:00
veracode
veracode
Sensitive Information Disclosure
2019-05-02 04:57:44
Denial Of Service (DoS)
2019-05-02 04:57:44
Sensitive Information Disclosure
2019-05-02 04:57:44
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2014-02-14 00:00:00
Unbreakable Enterprise kernel security update
2014-02-14 00:00:00
unbreakable enterprise kernel security update
2014-02-13 00:00:00
suse
suse
Security update for Linux Kernel (important)
2014-03-28 02:04:16
Security update for Linux kernel (important)
2014-04-16 01:05:16
Security update for Linux kernel (important)
2014-04-17 02:05:07
centos
centos
kernel, perf, python security update
2014-02-12 04:44:55
ubuntu
ubuntu
Linux kernel (EC2) vulnerabilities
2014-02-18 00:00:00
Linux kernel vulnerabilities
2014-02-18 00:00:00
Linux kernel vulnerabilities
2014-04-26 00:00:00
prion
prion
Design/Logic Flaw
2014-01-06 16:55:00
Information disclosure
2014-01-06 16:55:00
Code injection
2014-01-06 16:55:00
cve
cve
CVE-2013-6405
2014-01-06 16:55:08
CVE-2013-7265
2014-01-06 16:55:09
CVE-2013-7263
2014-01-06 16:55:09
nvd
nvd
CVE-2013-6405
2014-01-06 16:55:08
CVE-2013-7265
2014-01-06 16:55:09
CVE-2013-7263
2014-01-06 16:55:09
cvelist
cvelist
CVE-2013-7265
2014-01-06 11:00:00
CVE-2013-7263
2014-01-06 11:00:00
CVE-2014-1874
2014-02-28 02:00:00
f5
f5
SOL15983 - Linux kernel vulnerability CVE-2013-7263
2015-01-12 00:00:00
K15983 : Linux kernel vulnerability CVE-2013-7263
2015-01-12 00:00:00
SOL15984 - Linux kernel vulnerability CVE-2013-7265
2015-01-14 00:00:00
debiancve
debiancve
CVE-2013-7265
2014-01-06 16:55:09
CVE-2013-7263
2014-01-06 16:55:09
CVE-2014-1874
2014-02-28 06:18:54
ubuntucve
ubuntucve
CVE-2013-7265
2014-01-06 00:00:00
CVE-2013-7263
2014-01-06 00:00:00
CVE-2014-1874
2014-02-07 00:00:00
cbl_mariner
cbl_mariner
CVE-2014-0069 affecting package kernel for versions less than 6.6.29.1-4
2024-06-21 09:32:44
CVE-2014-0069 affecting package kernel for versions less than 5.15.148.2-2
2024-02-25 03:00:06
securityvulns
securityvulns
[USN-2179-1] Linux kernel vulnerabilities
2014-05-04 00:00:00
[USN-2140-1] Linux kernel vulnerabilities
2014-03-31 00:00:00
[ MDVSA-2014:001 ] kernel
2014-01-14 00:00:00
mageia
mageia
Updated kernel fixes security vulnerabilities
2014-02-26 22:37:33
Updated kernel-linus packages fixes multiple bugs and vulnerabilities
2014-05-09 01:51:33
fedora
fedora
[SECURITY] Fedora 20 Update: kernel-3.13.3-201.fc20
2014-02-17 21:05:53
[SECURITY] Fedora 20 Update: kernel-3.13.5-200.fc20
2014-02-28 18:35:59
altlinux
altlinux
Security fix for the ALT Linux 7 package kernel-image-el-def version 2.6.32-alt20
2014-03-26 00:00:00

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS

0

Percentile

10.1%

JSON
Related for ALAS-2014-289
openvas73nessus43redhat2veracode8oraclelinux9suse6centos1ubuntu16prion5cve5nvd5cvelist4f54debiancve4ubuntucve4cbl_mariner2securityvulns3mageia2fedora2altlinux1