Oval Definition:oval:com.ubuntu.trusty:def:20147284000
Revision Date:2014-10-13Version:1
Title:CVE-2014-7284 on Ubuntu 14.04 LTS (trusty) - medium.
Description:The net_get_random_once implementation in net/core/utils.c in the Linux kernel 3.13.x and 3.14.x before 3.14.5 on certain Intel processors does not perform the intended slow-path operation to initialize random seeds, which makes it easier for remote attackers to spoof or disrupt IP communication by leveraging the predictability of TCP sequence numbers, TCP and UDP port numbers, and IP ID values. Tuomas Räsänen reported the Linux kernel on certain Intel processors does not properly initialize random seeds for network operations, causing TCP sequence numbers, TCP and UDP port numbers and IP ID values to be predictable. A remote attacker could exploit this flaw to spoof or disrupt IP communication.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2014-7284
Platform(s):Ubuntu 14.04 LTS
Product(s):
Definition Synopsis
  • Ubuntu 14.04 LTS (trusty) is installed.
  • AND Package Information
  • The 'linux' package in trusty was vulnerable but has been fixed (note: '3.13.0-32.57').
  • OR While related to the CVE in some way, a decision has been made to ignore it.
  • OR While related to the CVE in some way, a decision has been made to ignore it.
  • OR While related to the CVE in some way, a decision has been made to ignore it.
  • OR NOT While related to the CVE in some way, the 'linux-lts-utopic' package in trusty is not affected (note: '3.16.0-25.33~14.04.2').
  • OR NOT While related to the CVE in some way, the 'linux-lts-vivid' package in trusty is not affected (note: '3.19.0-18.18~14.04.1').
  • OR While related to the CVE in some way, a decision has been made to ignore it.
  • OR While related to the CVE in some way, a decision has been made to ignore it.
  • OR While related to the CVE in some way, a decision has been made to ignore it.
    • BACK