CVE-2014-1690 — LOW (2.6) — White Hats Nepal

Q: How severe is CVE-2014-1690?

CVE-2014-1690 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2014-1690?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Canonical Ubuntu Linux.

Vulnerability Description

The help function in net/netfilter/nf_nat_irc.c in the Linux kernel before 3.12.8 allows remote attackers to obtain sensitive information from kernel memory by establishing an IRC DCC session in which incorrect packet data is transmitted during use of the NAT mangle feature.

CVSS Score

2.6

LOW

AV:N/AC:H/Au:N/C:P/I:N/A:N

Confidentiality

PARTIAL

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	< 3.12.8
Canonical	Ubuntu Linux	12.04

Related Weaknesses (CWE)

CWE-200

References

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.8Mailing ListPatchVendor Advisory
http://www.openwall.com/lists/oss-security/2014/01/28/3Mailing ListPatchThird Party Advisory
http://www.ubuntu.com/usn/USN-2137-1Third Party Advisory
http://www.ubuntu.com/usn/USN-2140-1Third Party Advisory
http://www.ubuntu.com/usn/USN-2158-1Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1058748Issue TrackingPatchThird Party Advisory
https://github.com/torvalds/linux/commit/2690d97ade05c5325cbf7c72b94b90d26565988ExploitPatchThird Party Advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.8Mailing ListPatchVendor Advisory
http://www.openwall.com/lists/oss-security/2014/01/28/3Mailing ListPatchThird Party Advisory
http://www.ubuntu.com/usn/USN-2137-1Third Party Advisory
http://www.ubuntu.com/usn/USN-2140-1Third Party Advisory
http://www.ubuntu.com/usn/USN-2158-1Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1058748Issue TrackingPatchThird Party Advisory

FAQ

What is CVE-2014-1690?

CVE-2014-1690 is a vulnerability with a CVSS score of 2.6 (LOW). The help function in net/netfilter/nf_nat_irc.c in the Linux kernel before 3.12.8 allows remote attackers to obtain sensitive information from kernel memory by establishing an IRC DCC session in which...

How severe is CVE-2014-1690?

CVE-2014-1690 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-1690?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Canonical Ubuntu Linux.