2.3

CVE-2014-4027

The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 3.14
RedhatEnterprise Linux Version6.0
CanonicalUbuntu Linux Version12.04 SwEditionesm
SuseLinux Enterprise Desktop Version11 Updatesp3
SuseLinux Enterprise Real Time Extension Version11 Updatesp3
SuseLinux Enterprise Server Version11 Updatesp3 SwPlatform-
SuseLinux Enterprise Server Version11 Updatesp3 SwPlatformvmware
F5Big-ip Access Policy Manager Version >= 11.1.0 <= 11.6.0
F5Big-ip Access Policy Manager Version12.0.0
F5Big-ip Advanced Firewall Manager Version >= 11.3.0 <= 11.6.0
F5Big-ip Analytics Version >= 11.1.0 <= 11.6.0
F5Big-ip Analytics Version12.0.0
F5Big-ip Application Acceleration Manager Version >= 11.4.0 <= 11.6.0
F5Big-ip Application Security Manager Version >= 11.1.0 <= 11.6.0
F5Big-ip Domain Name System Version12.0.0
F5Big-ip Edge Gateway Version >= 11.1.0 <= 11.3.0
F5Big-ip Global Traffic Manager Version >= 11.1.0 <= 11.6.0
F5Big-ip Link Controller Version >= 11.1.0 <= 11.6.0
F5Big-ip Link Controller Version12.0.0
F5Big-ip Local Traffic Manager Version >= 11.1.0 <= 11.6.0
F5Big-ip Local Traffic Manager Version12.0.0
F5Big-ip Policy Enforcement Manager Version >= 11.3.0 <= 11.6.0
F5Big-ip Protocol Security Module Version >= 11.1.0 <= 11.4.1
F5Big-ip Wan Optimization Manager Version >= 11.1.0 <= 11.3.0
F5Big-ip Webaccelerator Version >= 11.1.0 <= 11.3.0
F5Big-iq Cloud Version >= 4.0.0 <= 4.5.0
F5Big-iq Device Version >= 4.2.0 <= 4.5.0
F5Big-iq Security Version >= 4.0.0 <= 4.5.0
F5Enterprise Manager Version >= 3.0.0 <= 3.1.1
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.65% 0.463
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 2.3 4.4 2.9
AV:A/AC:M/Au:S/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html
Third Party Advisory
Mailing List
http://secunia.com/advisories/59777
Broken Link
http://secunia.com/advisories/60564
Broken Link
http://www.ubuntu.com/usn/USN-2334-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-2335-1
Third Party Advisory
http://secunia.com/advisories/61310
Broken Link
https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15685.html
Third Party Advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc
http://permalink.gmane.org/gmane.linux.scsi.target.devel/6618
Broken Link
http://secunia.com/advisories/59134
Broken Link
http://www.openwall.com/lists/oss-security/2014/06/11/1
Patch
Third Party Advisory
Mailing List
https://bugzilla.redhat.com/show_bug.cgi?id=1108744
Patch
Third Party Advisory
Issue Tracking
https://github.com/torvalds/linux/commit/4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc
Patch
Third Party Advisory