Vulnerability Name:

CVE-2014-9683 (CCN-100966)

Assigned:2015-02-17
Published:2015-02-17
Updated:2016-12-24
Summary:Off-by-one error in the ecryptfs_decode_from_filename function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux kernel before 3.18.2 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted filename.
CVSS v3 Severity:5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:3.6 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P)
2.6 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): Partial
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
3.4 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
3.6 Low (REDHAT CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P)
2.6 Low (REDHAT Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-189
CWE-119
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2014-9683

Source: CONFIRM
Type: UNKNOWN
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=942080643bce061c3dd9d5718d3b745dcb39a8bc

Source: CCN
Type: Linux Kernel GIT Repository
eCryptfs: Remove buggy and unnecessary write in file name decode routine

Source: SUSE
Type: UNKNOWN
SUSE-SU-2015:1478

Source: REDHAT
Type: UNKNOWN
RHSA-2015:1272

Source: CCN
Type: oss-security Mailing List, Tue, 17 Feb 2015 13:24:16 -0800
CVE request: Linux kernel ecryptfs 1-byte overwrite

Source: CCN
Type: oss-security Mailing List, Tue, 17 Feb 2015 17:34:44 -0500 (EST)
Re: CVE request: Linux kernel ecryptfs 1-byte overwrite

Source: DEBIAN
Type: UNKNOWN
DSA-3170

Source: CCN
Type: IBM Security Bulletin T1022146
Multiple Kernel vulnerabilities affect PowerKVM (Multiple CVEs)

Source: CONFIRM
Type: UNKNOWN
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.2

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2015:058

Source: MLIST
Type: UNKNOWN
[oss-security] 20150217 Re: CVE request: Linux kernel ecryptfs 1-byte overwrite

Source: CONFIRM
Type: UNKNOWN
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

Source: BID
Type: UNKNOWN
72643

Source: CCN
Type: BID-72643
Linux Kernel 'fs/ecryptfs/crypto.c' Local Buffer Overflow Vulnerability

Source: SECTRACK
Type: UNKNOWN
1031860

Source: UBUNTU
Type: UNKNOWN
USN-2515-1

Source: UBUNTU
Type: UNKNOWN
USN-2516-1

Source: UBUNTU
Type: UNKNOWN
USN-2517-1

Source: UBUNTU
Type: UNKNOWN
USN-2518-1

Source: UBUNTU
Type: UNKNOWN
USN-2541-1

Source: UBUNTU
Type: UNKNOWN
USN-2542-1

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=1193830

Source: XF
Type: UNKNOWN
linux-kernel-cve20149683-bo(100966)

Source: CONFIRM
Type: UNKNOWN
https://github.com/torvalds/linux/commit/942080643bce061c3dd9d5718d3b745dcb39a8bc

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2014-9683

Vulnerable Configuration:Configuration 1:
  • cpe:/o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*

  • Configuration 2:
  • cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:* (Version <= 3.18.1)

  • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

  • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:6::client:*:*:*:*:*

  • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:6::computenode:*:*:*:*:*

  • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*

  • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/o:linux:linux_kernel:-:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:powerkvm:2.1:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20149683
    V
    CVE-2014-9683
    2022-05-20
    oval:org.opensuse.security:def:33110
    P
    Security update for MozillaFirefox (Important) (in QA)
    2022-01-14
    oval:org.opensuse.security:def:30169
    P
    Security update for MozillaFirefox (Important) (in QA)
    2022-01-14
    oval:org.opensuse.security:def:34052
    P
    Security update for net-snmp (Important)
    2022-01-05
    oval:org.opensuse.security:def:32240
    P
    Security update for the Linux Kernel (Live Patch 41 for SLE 12 SP3) (Important)
    2021-12-14
    oval:org.opensuse.security:def:33061
    P
    Security update for glib-networking (Important)
    2021-12-13
    oval:org.opensuse.security:def:31716
    P
    Security update for mozilla-nss (Important)
    2021-12-06
    oval:org.opensuse.security:def:26181
    P
    Security update for mozilla-nss (Important)
    2021-12-06
    oval:org.opensuse.security:def:34598
    P
    Security update for java-1_7_0-openjdk (Important)
    2021-11-24
    oval:org.opensuse.security:def:30273
    P
    Security update for java-1_7_0-openjdk (Important)
    2021-11-24
    oval:org.opensuse.security:def:34558
    P
    Security update for libqt5-qtsvg (Moderate)
    2021-10-11
    oval:org.opensuse.security:def:26139
    P
    Security update for libvirt (Moderate)
    2021-10-04
    oval:org.opensuse.security:def:29429
    P
    Security update for libqt5-qtbase (Important)
    2021-09-30
    oval:org.opensuse.security:def:33004
    P
    Security update for transfig (Moderate)
    2021-09-16
    oval:org.opensuse.security:def:33707
    P
    Security update for aspell (Important)
    2021-08-25
    oval:org.opensuse.security:def:33963
    P
    Security update for openssl-1_1 (Important)
    2021-08-24
    oval:org.opensuse.security:def:30224
    P
    Security update for systemd (Important)
    2021-07-21
    oval:org.opensuse.security:def:31642
    P
    Security update for webkit2gtk3 (Important)
    2021-06-17
    oval:org.opensuse.security:def:33674
    P
    Security update for webkit2gtk3 (Important)
    2021-06-17
    oval:org.opensuse.security:def:42571
    P
    kernel-default-3.0.101-63.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:36164
    P
    kernel-default-3.0.101-63.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:36428
    P
    kernel-docs-3.0.101-63.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:33920
    P
    Security update for MozillaFirefox (Important)
    2021-06-08
    oval:org.opensuse.security:def:31631
    P
    Security update for gstreamer-plugins-bad (Important)
    2021-06-07
    oval:org.opensuse.security:def:31630
    P
    Security update for polkit (Important)
    2021-06-03
    oval:org.opensuse.security:def:29372
    P
    Security update for libwebp (Critical)
    2021-06-02
    oval:org.opensuse.security:def:26055
    P
    Security update for hivex (Moderate)
    2021-05-26
    oval:org.opensuse.security:def:26053
    P
    Security update for libxml2 (Important)
    2021-05-19
    oval:org.opensuse.security:def:33906
    P
    Security update for python3 (Important)
    2021-05-17
    oval:org.opensuse.security:def:34424
    P
    Security update for bind (Important)
    2021-05-04
    oval:org.opensuse.security:def:32084
    P
    Security update for gdm (Important)
    2021-04-28
    oval:org.opensuse.security:def:33893
    P
    Security update for qemu (Important)
    2021-04-16
    oval:org.opensuse.security:def:28964
    P
    Security update for MozillaFirefox (Important)
    2021-03-31
    oval:org.opensuse.security:def:33088
    P
    Security update for MozillaFirefox (Important)
    2021-03-01
    oval:org.opensuse.security:def:33084
    P
    Security update for tomcat (Moderate)
    2021-02-25
    oval:org.opensuse.security:def:33085
    P
    Security update for postgresql-jdbc (Moderate)
    2021-02-25
    oval:org.opensuse.security:def:33764
    P
    Security update for openvswitch (Important)
    2021-02-15
    oval:org.opensuse.security:def:30016
    P
    Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP2) (Important)
    2021-02-10
    oval:org.opensuse.security:def:33096
    P
    Security update for MozillaFirefox (Important)
    2021-01-12
    oval:org.opensuse.security:def:25977
    P
    Security update for openssl-1_1 (Important)
    2020-12-10
    oval:org.opensuse.security:def:33876
    P
    Security update for postgresql12 (Important)
    2020-12-04
    oval:org.opensuse.security:def:26262
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:29123
    P
    Security update for java-1_7_0-ibm (Important)
    2020-12-01
    oval:org.opensuse.security:def:29286
    P
    Security update for xorg-x11-server (Important)
    2020-12-01
    oval:org.opensuse.security:def:30312
    P
    Security update for tcpdump (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27162
    P
    kernel-default on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25713
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:26403
    P
    Security update for ffmpeg (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:29805
    P
    Security update for ipsec-tools (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:34267
    P
    Security update for procmail
    2020-12-01
    oval:org.opensuse.security:def:30375
    P
    Security update for wireshark (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25725
    P
    Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:31940
    P
    Recommended update for glibc (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26607
    P
    libvorbis on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:33172
    P
    libpng12-0 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28376
    P
    Security update for quagga (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:33310
    P
    libldap-openssl1-2_4-2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:29667
    P
    Security update for dbus-1 (Important)
    2020-12-01
    oval:org.opensuse.security:def:34355
    P
    Security update for sudo (Important)
    2020-12-01
    oval:org.opensuse.security:def:31050
    P
    Security update for the Linux Kernel
    2020-12-01
    oval:org.opensuse.security:def:29569
    P
    Security update for SDL (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25917
    P
    Security update for mariadb (Important)
    2020-12-01
    oval:org.opensuse.security:def:26695
    P
    fetchmail on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:33854
    P
    Security update for inn
    2020-12-01
    oval:org.opensuse.security:def:28455
    P
    Security update for xen (Important)
    2020-12-01
    oval:org.opensuse.security:def:33462
    P
    Security update for KDE4 PIM packages
    2020-12-01
    oval:org.opensuse.security:def:29770
    P
    Security update for glibc (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:29581
    P
    Security update for apache2 (Important)
    2020-12-01
    oval:org.opensuse.security:def:32296
    P
    Security update for procmail (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26753
    P
    libmysqlclient15-32bit on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32386
    P
    Security update for tomcat6 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28671
    P
    Security update for Mozilla Firefox
    2020-12-01
    oval:org.opensuse.security:def:29827
    P
    Security update for java-1_6_0-ibm (Important)
    2020-12-01
    oval:org.opensuse.security:def:35102
    P
    Security update for the Linux Kernel
    2020-12-01
    oval:org.opensuse.security:def:33579
    P
    Security update for MozillaFirefox (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:29786
    P
    Security update for gpgme
    2020-12-01
    oval:org.opensuse.security:def:26290
    P
    Security update for ImageMagick (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32384
    P
    Security update for tiff (Low)
    2020-12-01
    oval:org.opensuse.security:def:27426
    P
    kernel-docs on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32475
    P
    Security update for xscreensaver (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28812
    P
    Security update for postgresql91 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:33813
    P
    Security update for giflib (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:30509
    P
    Security update for MozillaFirefox, mozilla-nspr (Important)
    2020-12-01
    oval:org.opensuse.security:def:33591
    P
    Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:29930
    P
    Security update for libgcrypt
    2020-12-01
    oval:org.opensuse.security:def:26392
    P
    Security update for MozillaThunderbird (Important)
    2020-12-01
    oval:org.opensuse.security:def:32450
    P
    Security update for xen (Important)
    2020-12-01
    oval:org.opensuse.security:def:25989
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:32704
    P
    libapr1 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:29018
    P
    Security update for lighttpd (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:29075
    P
    Security update for cups (Important)
    2020-12-01
    oval:org.opensuse.security:def:33810
    P
    Security update for ghostscript-library (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26445
    P
    Security update for chromium (Important)
    2020-12-01
    oval:org.opensuse.security:def:33127
    P
    kernel-default on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32848
    P
    dhcp on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:29106
    P
    Security update for java-1_6_0-ibm (Important)
    2020-12-01
    oval:org.opensuse.security:def:29155
    P
    Security update for libtcnative-1-0 (Important)
    2020-12-01
    oval:org.opensuse.security:def:27127
    P
    freetype2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26319
    P
    Security update for kde-cli-tools5 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:29167
    P
    Security update for mailman (Important)
    2020-12-01
    oval:org.opensuse.security:def:34209
    P
    Security update for perl-PlRPC (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:30331
    P
    Security update for tomcat6 (Important)
    2020-12-01
    oval:org.opensuse.security:def:25714
    P
    Security update for libpng16 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31848
    P
    Security update for clamav (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26554
    P
    ghostscript-fonts-other on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:33149
    P
    libfreebl3 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:29841
    P
    Security update for Linux kernel
    2020-12-01
    oval:org.opensuse.security:def:28375
    P
    Security update for quagga (Low)
    2020-12-01
    oval:org.opensuse.security:def:33175
    P
    libpulse-browse0 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:29514
    P
    Security update for ImageMagick (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:34316
    P
    Security update for ruby
    2020-12-01
    oval:org.opensuse.security:def:31013
    P
    Security update for java-1_7_0-ibm (Important)
    2020-12-01
    oval:org.opensuse.security:def:25789
    P
    Security update for flash-player (Critical)
    2020-12-01
    oval:org.opensuse.security:def:31997
    P
    Security update for java-1_7_1-ibm (Important)
    2020-12-01
    oval:org.opensuse.security:def:26656
    P
    zoo on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:33216
    P
    openCryptoki on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28387
    P
    Security update for rubygem-rack-1_4 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:33405
    P
    Security update for SUSE Manager Client Tools (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:29721
    P
    Security update for MozillaFirefox
    2020-12-01
    oval:org.opensuse.security:def:34380
    P
    Security update for tightvnc (Important)
    2020-12-01
    oval:org.opensuse.security:def:29570
    P
    Security update for SuSEfirewall2 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25998
    P
    Security update for libreoffice (Important)
    2020-12-01
    oval:org.opensuse.security:def:26709
    P
    gmime on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32385
    P
    Security update for tightvnc (Important)
    2020-12-01
    oval:org.opensuse.security:def:28586
    P
    Security update for libxml2
    2020-12-01
    oval:org.opensuse.security:def:33550
    P
    Security update for ImageMagick (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:29809
    P
    Security update for jakarta-commons-fileupload (Important)
    2020-12-01
    oval:org.opensuse.security:def:35062
    P
    Security update for IBM Java
    2020-12-01
    oval:org.opensuse.security:def:29654
    P
    Security update for curl (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32345
    P
    Security update for spice (Important)
    2020-12-01
    oval:org.opensuse.security:def:27391
    P
    e2fsprogs-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32397
    P
    Security update for unzip (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28728
    P
    Security update for krb5 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:29871
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:33580
    P
    Security update for MozillaFirefox, MozillaFirefox-branding-SLED, mozilla-nspr and mozilla-nss (Important)
    2020-12-01
    oval:org.opensuse.security:def:29873
    P
    Security update for kernel-source (Important)
    2020-12-01
    oval:org.opensuse.security:def:26343
    P
    Security update for MozillaThunderbird (Important)
    2020-12-01
    oval:org.opensuse.security:def:32406
    P
    Security update for wavpack (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25978
    P
    Security update for tcpdump, libpcap (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32610
    P
    unrar on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:33852
    P
    Security update for icu (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:30546
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:29074
    P
    Security update for cups (Important)
    2020-12-01
    oval:org.opensuse.security:def:26431
    P
    Security update for tor (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32761
    P
    pam on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:29067
    P
    Security update for clamav (Important)
    2020-12-01
    oval:org.opensuse.security:def:29086
    P
    Security update for evince (Important)
    2020-12-01
    oval:org.opensuse.security:def:26489
    P
    Security update for php7-imagick (Moderate)
    2020-12-01
    oval:org.cisecurity:def:189
    P
    DSA-3170-1 -- linux -- security update
    2016-02-08
    oval:com.redhat.rhsa:def:20151272
    P
    RHSA-2015:1272: kernel security, bug fix, and enhancement update (Moderate)
    2015-07-22
    oval:com.ubuntu.precise:def:20149683000
    V
    CVE-2014-9683 on Ubuntu 12.04 LTS (precise) - medium.
    2015-03-03
    oval:com.ubuntu.trusty:def:20149683000
    V
    CVE-2014-9683 on Ubuntu 14.04 LTS (trusty) - medium.
    2015-03-03
    oval:com.ubuntu.xenial:def:201496830000000
    V
    CVE-2014-9683 on Ubuntu 16.04 LTS (xenial) - medium.
    2015-03-03
    oval:com.ubuntu.xenial:def:20149683000
    V
    CVE-2014-9683 on Ubuntu 16.04 LTS (xenial) - medium.
    2015-03-03
    BACK
    canonical ubuntu linux 12.04
    canonical ubuntu linux 14.04
    canonical ubuntu linux 14.10
    linux linux kernel *
    linux linux kernel -
    ibm powerkvm 2.1