Lucene search

K
ubuntucveUbuntu.comUB:CVE-2014-2851
HistoryApr 14, 2014 - 12:00 a.m.

CVE-2014-2851

2014-04-1400:00:00
ubuntu.com
ubuntu.com
31

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.001

Percentile

28.6%

Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the
Linux kernel through 3.14.1 allows local users to cause a denial of service
(use-after-free and system crash) or possibly gain privileges via a crafted
application that leverages an improperly managed reference counter.

Bugs

Notes

Author Note
jdstrand android kernels (goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 13.10 preview kernels
tyhicks android init writes a valid group range to /proc/sys/net/ipv4/ping_group_range which results in all unprivileged users being allowed to open restricted ICMP sockets and trigger this bug
Rows per page:
1-10 of 161

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.001

Percentile

28.6%