Vulnerability Details : CVE-2014-0930
The ptrace system call in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.x, allows local users to cause a denial of service (system crash) or obtain sensitive information from kernel memory via a crafted PT_LDINFO operation.
Vulnerability category: Denial of service
Products affected by CVE-2014-0930
- cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:6.1:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:vios:2.2.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:vios:2.2.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:vios:2.2.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:vios:2.2.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:vios:2.2.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:vios:2.2.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:vios:2.2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:vios:2.2.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:vios:2.2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:vios:2.2.1.4:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-0930
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 6 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-0930
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.7
|
MEDIUM | AV:L/AC:M/Au:N/C:N/I:N/A:C |
3.4
|
6.9
|
NIST |
References for CVE-2014-0930
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/92262
IBM AIX ptrace denial of service CVE-2014-0930 Vulnerability Report
-
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-0930/
CVE-2014-0930 - PortcullisExploit
-
http://www.ibm.com/support/docview.wss?uid=isg1IV58948
IBM IV58948: AIX PTRACE VULNERABILITY CVE-2014-0930 APPLIES TO AIX 6100-08Vendor Advisory
-
http://www.ibm.com/support/docview.wss?uid=isg1IV58766
IBM IV58766: AIX PTRACE VULNERABILITY CVE-2014-0930 APPLIES TO AIX 6100-09Vendor Advisory
-
http://www.ibm.com/support/docview.wss?uid=isg1IV58840
IBM IV58840: AIX PTRACE VULNERABILITY CVE-2014-0930 APPLIES TO AIX 7100-03Vendor Advisory
-
http://www.ibm.com/support/docview.wss?uid=isg1IV58888
IBM IV58888: AIX PTRACE VULNERABILITY CVE-2014-0930 APPLIES TO AIX 7100-01Vendor Advisory
-
http://www.ibm.com/support/docview.wss?uid=isg1IV59045
IBM IV59045: AIX PTRACE VULNERABILITY CVE-2014-0930 APPLIES TO AIX 6100-07
-
http://archives.neohapsis.com/archives/bugtraq/2014-05/0031.html
-
http://www.ibm.com/support/docview.wss?uid=isg1IV59675
IBM IV59675: AIX PTRACE VULNERABILITY CVE-2014-0930
-
http://www.ibm.com/support/docview.wss?uid=isg1IV58861
IBM IV58861: AIX PTRACE VULNERABILITY CVE-2014-0930 APPLIES TO AIX 7100-02Vendor Advisory
-
http://aix.software.ibm.com/aix/efixes/security/ptrace_advisory.asc
Vendor Advisory
Jump to