Vulnerability Details : CVE-2014-1690
The help function in net/netfilter/nf_nat_irc.c in the Linux kernel before 3.12.8 allows remote attackers to obtain sensitive information from kernel memory by establishing an IRC DCC session in which incorrect packet data is transmitted during use of the NAT mangle feature.
Vulnerability category: Information leak
Products affected by CVE-2014-1690
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-1690
0.49%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 76 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-1690
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.6
|
LOW | AV:N/AC:H/Au:N/C:P/I:N/A:N |
4.9
|
2.9
|
NIST |
CWE ids for CVE-2014-1690
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-1690
-
http://www.ubuntu.com/usn/USN-2140-1
USN-2140-1: Linux kernel vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=1058748
1058748 – (CVE-2014-1690) CVE-2014-1690 Kernel: netfilter: nf_nat: leakage of uninitialized buffer in IRC NAT helperIssue Tracking;Patch;Third Party Advisory
-
http://www.ubuntu.com/usn/USN-2158-1
USN-2158-1: Linux kernel (Raring HWE) vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://www.openwall.com/lists/oss-security/2014/01/28/3
oss-security - Re: CVE request Linux kernel: netfilter: nf_nat: leakage of uninitialized buffer in IRC NAT helperMailing List;Patch;Third Party Advisory
-
https://github.com/torvalds/linux/commit/2690d97ade05c5325cbf7c72b94b90d265659886
netfilter: nf_nat: fix access to uninitialized buffer in IRC NAT helper · torvalds/linux@2690d97 · GitHubExploit;Patch;Third Party Advisory
-
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2690d97ade05c5325cbf7c72b94b90d265659886
-
http://www.ubuntu.com/usn/USN-2137-1
USN-2137-1: Linux kernel (Saucy HWE) vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.8
Mailing List;Patch;Vendor Advisory
Jump to