BID:69768

Linux Kernel CVE-2014-3184 Multiple Local Denial Of Service Vulnerabilities

Info

Linux Kernel CVE-2014-3184 Multiple Local Denial Of Service Vulnerabilities

Bugtraq ID:	69768
Class:	Boundary Condition Error
CVE:	CVE-2014-3184
Remote:	No
Local:	Yes
Published:	Sep 11 2014 12:00AM
Updated:	Aug 12 2015 10:11PM
Credit:	The vendor reported these issues.
Vulnerable:	Ubuntu Ubuntu Linux 14.04 LTS Ubuntu Ubuntu Linux 12.04 LTS i386 Ubuntu Ubuntu Linux 12.04 LTS amd64 Ubuntu Ubuntu Linux 10.04 sparc Ubuntu Ubuntu Linux 10.04 powerpc Ubuntu Ubuntu Linux 10.04 i386 Ubuntu Ubuntu Linux 10.04 ARM Ubuntu Ubuntu Linux 10.04 amd64 SuSE SUSE Linux Enterprise Server Unsupported Extras 11 SuSE SUSE Linux Enterprise Server 11 SP3 for VMware + Linux kernel 2.6.5 SuSE SUSE Linux Enterprise Server 11 SP3 + Linux kernel 2.6.5 SuSE SUSE Linux Enterprise Server 11 SP1 LTSS + Linux kernel 2.6.5 + Linux kernel 2.6.5 SuSE SUSE Linux Enterprise High Availability Extension 11 SP3 SuSE Suse Linux Enterprise Desktop 11 SP3 + Linux kernel 2.6.5 SuSE Linux Enterprise Real Time Extension 11 SP3 S.u.S.E. openSUSE 13.1 S.u.S.E. openSUSE 12.3 Redhat MRG Realtime for RHEL 6 Server 2 Redhat Enterprise Linux Workstation Optional 7 Redhat Enterprise Linux Workstation Optional 6 Redhat Enterprise Linux Workstation 7 Redhat Enterprise Linux Workstation 6 Redhat Enterprise Linux Server Optional 7 Redhat Enterprise Linux Server Optional 6 Redhat Enterprise Linux Server 7 Redhat Enterprise Linux Server 6 Redhat Enterprise Linux HPC Node Optional 6 Redhat Enterprise Linux HPC Node 6 Redhat Enterprise Linux Desktop Optional 6 Redhat Enterprise Linux Desktop 6 Redhat Enterprise Linux ComputeNode Optional 7 Redhat Enterprise Linux ComputeNode 7 Redhat Enterprise Linux Client Optional 7 Redhat Enterprise Linux Client 7 Oracle Linux 7 Oracle Linux 6 Oracle Enterprise Linux 7 Oracle Enterprise Linux 5 Mandriva Business Server 1 X86 64 Mandriva Business Server 1 Linux kernel IBM PowerKVM 2.1 CentOS CentOS 7 AlienVault Unified Security Management (USM) 5.0.3 AlienVault Unified Security Management (USM) 5.0 AlienVault Unified Security Management (USM) 4.15 AlienVault Unified Security Management (USM) 4.14 AlienVault Unified Security Management (USM) 4.0 AlienVault Open Source SIEM (OSSIM) 5.0.3 AlienVault Open Source SIEM (OSSIM) 5.0.1 AlienVault Open Source SIEM (OSSIM) 4.7 AlienVault Open Source SIEM (OSSIM) 4.6.1 AlienVault Open Source SIEM (OSSIM) 4.5 AlienVault Open Source SIEM (OSSIM) 4.3.3 AlienVault Open Source SIEM (OSSIM) 4.3.2 AlienVault Open Source SIEM (OSSIM) 4.3.1 AlienVault Open Source SIEM (OSSIM) 4.0.2 AlienVault Open Source SIEM (OSSIM) 5.0 AlienVault Open Source SIEM (OSSIM) 4.8.0 AlienVault Open Source SIEM (OSSIM) 4.6.0 AlienVault Open Source SIEM (OSSIM) 4.3.3.1 AlienVault Open Source SIEM (OSSIM) 4.3.0 AlienVault Open Source SIEM (OSSIM) 4.2.3 AlienVault Open Source SIEM (OSSIM) 4.15 AlienVault Open Source SIEM (OSSIM) 4.14 AlienVault Open Source SIEM (OSSIM) 4.13 AlienVault Open Source SIEM (OSSIM) 4.1.2 AlienVault Open Source SIEM (OSSIM) 4.1 AlienVault Open Source SIEM (OSSIM) 4.0 AlienVault Open Source SIEM (OSSIM) 3.1

Not Vulnerable:	AlienVault Unified Security Management (USM) 5.0.4 AlienVault Open Source SIEM (OSSIM) 5.0.4

Discussion

Linux Kernel CVE-2014-3184 Multiple Local Denial Of Service Vulnerabilities

Linux Kernel is prone to multiple denial-of-service vulnerabilities due to an off-by-one error.

Attackers can leverage these issues to trigger denial-of-service conditions. Given the nature of these issues, attackers may also be able to execute arbitrary code, but this has not been confirmed.

Exploit / POC

Linux Kernel CVE-2014-3184 Multiple Local Denial Of Service Vulnerabilities

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Solution / Fix

Linux Kernel CVE-2014-3184 Multiple Local Denial Of Service Vulnerabilities

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Mandriva Business Server 1 X86 64

Mandriva cpupower-3.4.104-1.1.mbs1.x86_64.rpm
http://www.mandriva.com/en/downloads/

Mandriva kernel-firmware-3.4.104-1.1.mbs1.noarch.rpm
http://www.mandriva.com/en/downloads/

Mandriva kernel-headers-3.4.104-1.1.mbs1.x86_64.rpm
http://www.mandriva.com/en/downloads/

Mandriva kernel-server-3.4.104-1.1.mbs1.x86_64.rpm
http://www.mandriva.com/en/downloads/

Mandriva kernel-server-devel-3.4.104-1.1.mbs1.x86_64.rpm
http://www.mandriva.com/en/downloads/

Mandriva kernel-source-3.4.104-1.mbs1.noarch.rpm
http://www.mandriva.com/en/downloads/

Mandriva lib64cpupower-devel-3.4.104-1.1.mbs1.x86_64.rpm
http://www.mandriva.com/en/downloads/

Mandriva lib64cpupower0-3.4.104-1.1.mbs1.x86_64.rpm
http://www.mandriva.com/en/downloads/

Mandriva perf-3.4.104-1.1.mbs1.x86_64.rpm
http://www.mandriva.com/en/downloads/

References

Linux Kernel CVE-2014-3184 Multiple Local Denial Of Service Vulnerabilities

References:

HID: fix a couple of off-by-ones (Jiri Kosina)
Linux Homepage (Linux)
Security Advisory - AlienVault v5.0.4 addresses 31 vulnerabilities (AlienVault)
Security Bulletin: PowerKVM Kernel Vulnerabilities - Multiple CVEs (IBM)