CVSS2: 6.9 Medium
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
A race condition flaw, leading to heap-based buffer overflows, was found in the way the Linux kernel’s N_TTY line discipline (LDISC) implementation handled concurrent processing of echo output and TTY write operations originating from user space when the underlying TTY driver was PTY. An unprivileged, local user could use this flaw to crash the system or, potentially, escalate their privileges on the system.
bugzilla.novell.com/show_bug.cgi?id=875690
git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4291086b1f081b869c6d79e5b7441633dc3ace00
linux.oracle.com/errata/ELSA-2014-0771.html
lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html
lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html
pastebin.com/raw.php?i=yTSFUBgZ
rhn.redhat.com/errata/RHSA-2014-0512.html
secunia.com/advisories/59218
secunia.com/advisories/59262
secunia.com/advisories/59599
source.android.com/security/bulletin/2016-07-01.html
support.f5.com/kb/en-us/solutions/public/15000/300/sol15319.html
www.debian.org/security/2014/dsa-2926
www.debian.org/security/2014/dsa-2928
www.exploit-db.com/exploits/33516
www.openwall.com/lists/oss-security/2014/05/05/6
www.osvdb.org/106646
www.ubuntu.com/usn/USN-2196-1
www.ubuntu.com/usn/USN-2197-1
www.ubuntu.com/usn/USN-2198-1
www.ubuntu.com/usn/USN-2199-1
www.ubuntu.com/usn/USN-2200-1
www.ubuntu.com/usn/USN-2201-1
www.ubuntu.com/usn/USN-2202-1
www.ubuntu.com/usn/USN-2203-1
www.ubuntu.com/usn/USN-2204-1
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=1094232
github.com/torvalds/linux/commit/4291086b1f081b869c6d79e5b7441633dc3ace00
rhn.redhat.com/errata/RHSA-2014-0557.html