CVE - CVE-2014-4699

CVE-ID
CVE-2014-4699	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial of service (double fault), via a crafted application that makes ptrace and fork system calls.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
EXPLOIT-DB:34134 URL:http://www.exploit-db.com/exploits/34134 MLIST:[oss-security] 20140704 CVE-2014-4699: Linux ptrace bug URL:http://www.openwall.com/lists/oss-security/2014/07/04/4 MLIST:[oss-security] 20140705 Re: CVE-2014-4699: Linux ptrace bug URL:http://openwall.com/lists/oss-security/2014/07/05/4 MLIST:[oss-security] 20140708 Re: CVE-2014-4699: Linux ptrace bug URL:http://openwall.com/lists/oss-security/2014/07/08/5 MLIST:[oss-security] 20140708 Re: CVE-2014-4699: Linux ptrace bug URL:http://openwall.com/lists/oss-security/2014/07/08/16 MISC:http://packetstormsecurity.com/files/127573/Linux-Kernel-ptrace-sysret-Local-Privilege-Escalation.html CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b9cd18de4db3c9ffa7e17b0dc0ca99ed5aa4d43a CONFIRM:http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.4 CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1115927 CONFIRM:https://github.com/torvalds/linux/commit/b9cd18de4db3c9ffa7e17b0dc0ca99ed5aa4d43a CONFIRM:https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.47 CONFIRM:https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.11 CONFIRM:https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.97 CONFIRM:http://linux.oracle.com/errata/ELSA-2014-3047.html CONFIRM:http://linux.oracle.com/errata/ELSA-2014-3048.html CONFIRM:http://linux.oracle.com/errata/ELSA-2014-0924.html DEBIAN:DSA-2972 URL:http://www.debian.org/security/2014/dsa-2972 UBUNTU:USN-2266-1 URL:http://www.ubuntu.com/usn/USN-2266-1 UBUNTU:USN-2267-1 URL:http://www.ubuntu.com/usn/USN-2267-1 UBUNTU:USN-2268-1 URL:http://www.ubuntu.com/usn/USN-2268-1 UBUNTU:USN-2269-1 URL:http://www.ubuntu.com/usn/USN-2269-1 UBUNTU:USN-2270-1 URL:http://www.ubuntu.com/usn/USN-2270-1 UBUNTU:USN-2271-1 URL:http://www.ubuntu.com/usn/USN-2271-1 UBUNTU:USN-2272-1 URL:http://www.ubuntu.com/usn/USN-2272-1 UBUNTU:USN-2273-1 URL:http://www.ubuntu.com/usn/USN-2273-1 UBUNTU:USN-2274-1 URL:http://www.ubuntu.com/usn/USN-2274-1 OSVDB:108754 URL:http://www.osvdb.org/108754 SECUNIA:59633 URL:http://secunia.com/advisories/59633 SECUNIA:59639 URL:http://secunia.com/advisories/59639 SECUNIA:59654 URL:http://secunia.com/advisories/59654 SECUNIA:60220 URL:http://secunia.com/advisories/60220 SECUNIA:60380 URL:http://secunia.com/advisories/60380 SECUNIA:60393 URL:http://secunia.com/advisories/60393
Assigning CNA
N/A
Date Entry Created
20140630	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20140630)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org

Use of the Common Vulnerabilities and Exposures (CVE®) List and the associated references from this website are subject to the terms of use. CVE is sponsored by US-CERT in the office of Cybersecurity and Communications at the U.S. Department of Homeland Security. Copyright © 1999–2018, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation. For more information, please contact us.