Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
amazonAmazonALAS-2014-368
HistoryJul 09, 2014 - 4:29 p.m.

Medium: kernel

2014-07-0916:29:00
alas.aws.amazon.com
165

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.011 Low

EPSS

Percentile

84.4%

JSON

Issue Overview:

arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000.

Array index error in the aio_read_events_ring function in fs/aio.c in the Linux kernel through 3.15.1 allows local users to obtain sensitive information from kernel memory via a large head value.

The capabilities implementation in the Linux kernel before 3.14.8 does not properly consider that namespaces are inapplicable to inodes, which allows local users to bypass intended chmod restrictions by first creating a user namespace, as demonstrated by setting the setgid bit on a file with group ownership of root.

DISPUTED Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. NOTE: the author of the LZO algorithms says “the Linux kernel is not affected; media hype.”

Affected Packages:

kernel

Issue Correction:
Run yum update kernel to update your system. You will need to reboot your system in order for the new kernel to be running.

New Packages:

i686:  
    kernel-devel-3.10.48-55.140.amzn1.i686  
    perf-debuginfo-3.10.48-55.140.amzn1.i686  
    kernel-3.10.48-55.140.amzn1.i686  
    kernel-headers-3.10.48-55.140.amzn1.i686  
    kernel-debuginfo-3.10.48-55.140.amzn1.i686  
    perf-3.10.48-55.140.amzn1.i686  
    kernel-debuginfo-common-i686-3.10.48-55.140.amzn1.i686  
  
noarch:  
    kernel-doc-3.10.48-55.140.amzn1.noarch  
  
src:  
    kernel-3.10.48-55.140.amzn1.src  
  
x86_64:  
    kernel-debuginfo-3.10.48-55.140.amzn1.x86_64  
    kernel-headers-3.10.48-55.140.amzn1.x86_64  
    kernel-3.10.48-55.140.amzn1.x86_64  
    kernel-devel-3.10.48-55.140.amzn1.x86_64  
    kernel-debuginfo-common-x86_64-3.10.48-55.140.amzn1.x86_64  
    perf-debuginfo-3.10.48-55.140.amzn1.x86_64  
    perf-3.10.48-55.140.amzn1.x86_64

Additional References

Red Hat: CVE-2014-0206, CVE-2014-4014, CVE-2014-4508, CVE-2014-4608

Mitre: CVE-2014-0206, CVE-2014-4014, CVE-2014-4508, CVE-2014-4608

OSVersionArchitecturePackageVersionFilename
Amazon Linux1i686kernel-devel< 3.10.48-55.140.amzn1kernel-devel-3.10.48-55.140.amzn1.i686.rpm
Amazon Linux1i686perf-debuginfo< 3.10.48-55.140.amzn1perf-debuginfo-3.10.48-55.140.amzn1.i686.rpm
Amazon Linux1i686kernel< 3.10.48-55.140.amzn1kernel-3.10.48-55.140.amzn1.i686.rpm
Amazon Linux1i686kernel-headers< 3.10.48-55.140.amzn1kernel-headers-3.10.48-55.140.amzn1.i686.rpm
Amazon Linux1i686kernel-debuginfo< 3.10.48-55.140.amzn1kernel-debuginfo-3.10.48-55.140.amzn1.i686.rpm
Amazon Linux1i686perf< 3.10.48-55.140.amzn1perf-3.10.48-55.140.amzn1.i686.rpm
Amazon Linux1i686kernel-debuginfo-common-i686< 3.10.48-55.140.amzn1kernel-debuginfo-common-i686-3.10.48-55.140.amzn1.i686.rpm
Amazon Linux1noarchkernel-doc< 3.10.48-55.140.amzn1kernel-doc-3.10.48-55.140.amzn1.noarch.rpm
Amazon Linux1x86_64kernel-debuginfo< 3.10.48-55.140.amzn1kernel-debuginfo-3.10.48-55.140.amzn1.x86_64.rpm
Amazon Linux1x86_64kernel-headers< 3.10.48-55.140.amzn1kernel-headers-3.10.48-55.140.amzn1.x86_64.rpm
Rows per page:
1-10 of 151

Related

nessus 43
openvas 54
mageia 9
freebsd 1
seebug 1
zdt 1
f5 4
debiancve 4
exploitpack 1
ubuntucve 4
securityvulns 6
cve 4
prion 4
oraclelinux 6
redhat 5
ubuntu 16
exploitdb 1
cisa 1
thn 1
suse 9
fedora 7
ibm 1
veracode 10
virtuozzo 1
centos 1
cloudlinux 2
osv 1
kitploit 1
nessus
nessus
Amazon Linux AMI : kernel (ALAS-2014-368)
2014-10-12 00:00:00
Fedora 20 : kernel-3.14.9-200.fc20 (2014-7863)
2014-07-01 00:00:00
Fedora 19 : kernel-3.14.13-100.fc19 (2014-8487)
2014-07-26 00:00:00
openvas
openvas
Amazon Linux: Security Advisory (ALAS-2014-368)
2015-09-08 00:00:00
Mageia: Security Advisory (MGASA-2014-0316)
2022-01-28 00:00:00
Mageia: Security Advisory (MGASA-2014-0332)
2022-01-28 00:00:00
mageia
mageia
Updated kernel packages fix security vulnerabilities
2014-08-06 00:08:48
Updated kernel-tmb package fixes security vulnerabilities
2014-08-18 13:14:56
Updated kernel-vserver package fixes security vulnerabilities
2014-08-18 13:14:56
freebsd
freebsd
LZO -- potential buffer overrun when processing malicious input data
2014-06-25 00:00:00
seebug
seebug
Linux Kernel <= 3.13 - Local Privilege Escalation PoC (gid)
2014-07-01 00:00:00
zdt
zdt
Linux Kernel <= 3.13 - Local Privilege Escalation PoC (gid)
2014-06-22 00:00:00
f5
f5
SOL15512 - LZO decompressor vulnerability CVE-2014-4608
2014-08-18 00:00:00
K15512 : LZO decompressor vulnerability CVE-2014-4608
2014-08-18 00:00:00
SOL15677 - Linux kernel vulnerability CVE-2014-4014
2014-10-09 00:00:00
debiancve
debiancve
CVE-2014-4608
2014-07-03 04:22:00
CVE-2014-4014
2014-06-23 11:21:00
CVE-2014-0206
2014-06-25 11:19:00
exploitpack
exploitpack
Linux Kernel 3.13 - SGID Privilege Escalation
2014-06-21 00:00:00
ubuntucve
ubuntucve
CVE-2014-4014
2014-06-23 00:00:00
CVE-2014-4608
2014-07-03 00:00:00
CVE-2014-4508
2014-06-23 00:00:00
securityvulns
securityvulns
[oss-security] LMS-2014-06-16-2: Linux Kernel LZO
2014-06-28 00:00:00
Linux kernel multiple security vulnerabilities
2014-07-21 00:00:00
[oss-security] CVE-2014-4014: Linux kernel user namespace bug
2014-06-17 00:00:00
cve
cve
CVE-2014-4608
2014-07-03 04:22:00
CVE-2014-4014
2014-06-23 11:21:00
CVE-2014-0206
2014-06-25 11:19:00
prion
prion
Integer overflow
2014-07-03 04:22:00
Design/Logic Flaw
2014-06-23 11:21:00
Code injection
2014-06-23 11:21:00
oraclelinux
oraclelinux
kernel security update
2020-11-18 00:00:00
Unbreakable Enterprise kernel security update
2020-11-16 00:00:00
kernel security, bug fix, and enhancement update
2014-07-23 00:00:00
redhat
redhat
(RHSA-2021:0181) Moderate: kernel security update
2021-01-19 09:01:02
(RHSA-2015:0062) Important: kernel security, bug fix, and enhancement update
2015-01-20 00:00:00
(RHSA-2014:0786) Important: kernel security, bug fix, and enhancement update
2014-06-24 00:00:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2014-07-17 00:00:00
Linux kernel (EC2) vulnerabilities
2014-11-25 00:00:00
Linux kernel vulnerability
2014-11-25 00:00:00
exploitdb
exploitdb
Linux Kernel 3.13 - SGID Privilege Escalation
2014-06-21 00:00:00
cisa
cisa
Vulnerabilities in LZO and LZ4 compression libraries
2014-07-21 00:00:00
thn
thn
20-Year Old Vulnerability in LZO Compression Algorithm Went to Planet Mars
2014-06-27 05:43:00
suse
suse
kernel: security and bugfix update (important)
2014-08-11 12:04:19
kernel: security and bugfix update (important)
2014-08-01 15:04:21
Security update for Linux kernel (important)
2014-12-23 19:06:22
fedora
fedora
[SECURITY] Fedora 20 Update: kernel-3.14.9-200.fc20
2014-06-30 10:29:23
[SECURITY] Fedora 20 Update: kernel-3.15.4-200.fc20
2014-07-11 02:02:48
[SECURITY] Fedora 20 Update: kernel-3.15.6-200.fc20
2014-07-20 03:26:08
ibm
ibm
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Flex System Manager (FSM) SMIA Configuration Tool. (CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2014-0205, CVE-2014-0206)
2019-01-31 01:55:01
veracode
veracode
Information Disclosure
2019-05-02 05:03:36
Information Disclosure
2019-05-02 05:03:36
Privilege Escalation
2019-05-02 05:03:36
virtuozzo
virtuozzo
[Important] [Security] New kernel 2.6.32-042stab146.1; Virtuozzo 6.0 Update 12 Hotfix 54 (6.0.12-3761)
2021-08-03 00:00:00
centos
centos
kernel, perf, python security update
2014-10-20 18:09:23
cloudlinux
cloudlinux
Fix of CVE: CVE-2021-34693, CVE-2021-20292, CVE-2021-28972, CVE-2021-20265, CVE-2021-32399, CVE-2014-4508, CVE-2021-3612, CVE-2021-3178, CVE-2021-37159, CVE-2021-38205, CVE-2021-3573, CVE-2021-38160
2021-09-21 22:11:09
Fix of CVE: CVE-2021-38160, CVE-2021-3573, CVE-2021-38205, CVE-2021-3178, CVE-2021-20265, CVE-2021-3612, CVE-2021-32399, CVE-2021-37159, CVE-2014-4508, CVE-2021-28972, CVE-2021-34693, CVE-2021-20292
2021-09-21 22:11:36
osv
osv
linux-2.6 - security update
2014-12-09 00:00:00
kitploit
kitploit
Kernelpop - Kernel Privilege Escalation Enumeration And Exploitation Framework
2017-11-04 13:30:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.011 Low

EPSS

Percentile

84.4%

JSON
Related for ALAS-2014-368
nessus43openvas54mageia9freebsd1seebug1zdt1f54debiancve4exploitpack1ubuntucve4securityvulns6cve4prion4oraclelinux6redhat5ubuntu16exploitdb1cisa1thn1suse9fedora7ibm1veracode10virtuozzo1centos1cloudlinux2osv1kitploit1