Oval Definition:oval:com.ubuntu.xenial:def:20141690000
Revision Date:2014-02-28Version:1
Title:CVE-2014-1690 on Ubuntu 16.04 LTS (xenial) - low.
Description:The help function in net/netfilter/nf_nat_irc.c in the Linux kernel before 3.12.8 allows remote attackers to obtain sensitive information from kernel memory by establishing an IRC DCC session in which incorrect packet data is transmitted during use of the NAT mangle feature. An information leak was discovered in the Linux kernel when built with the NetFilter Connection Tracking (NF_CONNTRACK) support for IRC protocol (NF_NAT_IRC). A remote attacker could exploit this flaw to obtain potentially sensitive kernel information when communicating over a client- to-client IRC connection(/dcc) via a NAT-ed network.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2014-1690
Platform(s):Ubuntu 16.04 LTS
Product(s):
Definition Synopsis
  • Ubuntu 16.04 LTS (xenial) is installed.
  • AND Package Information
  • NOT While related to the CVE in some way, the 'linux' package in xenial is not affected (note: '4.2.0-16.19').
  • OR NOT While related to the CVE in some way, the 'linux-aws' package in xenial is not affected (note: '4.4.0-1001.10').
  • OR NOT While related to the CVE in some way, the 'linux-flo' package in xenial is not affected.
  • OR NOT While related to the CVE in some way, the 'linux-gke' package in xenial is not affected (note: '4.4.0-1003.3').
  • OR NOT While related to the CVE in some way, the 'linux-goldfish' package in xenial is not affected.
  • OR NOT While related to the CVE in some way, the 'linux-hwe' package in xenial is not affected (note: '4.8.0-36.36~16.04.1').
  • OR NOT While related to the CVE in some way, the 'linux-hwe-edge' package in xenial is not affected (note: '4.8.0-36.36~16.04.1').
  • OR NOT While related to the CVE in some way, the 'linux-mako' package in xenial is not affected.
  • OR NOT While related to the CVE in some way, the 'linux-raspi2' package in xenial is not affected (note: '4.2.0-1013.19').
  • OR NOT While related to the CVE in some way, the 'linux-snapdragon' package in xenial is not affected (note: '4.4.0-1012.12').
  • BACK