Linux Kernel CVE-2014-3185 'whiteheat.c' Buffer Overflow Vulnerability

Bugtraq ID:	69781
Class:	Boundary Condition Error
CVE:	CVE-2014-3185
Remote:	No
Local:	Yes
Published:	Sep 12 2014 12:00AM
Updated:	May 12 2015 07:41PM
Credit:	James Forshaw
Vulnerable:	Ubuntu Ubuntu Linux 12.04 LTS i386 Ubuntu Ubuntu Linux 12.04 LTS amd64 Ubuntu Ubuntu Linux 10.04 sparc Ubuntu Ubuntu Linux 10.04 powerpc Ubuntu Ubuntu Linux 10.04 i386 Ubuntu Ubuntu Linux 10.04 ARM Ubuntu Ubuntu Linux 10.04 amd64 SuSE SUSE Linux Enterprise Server Unsupported Extras 11 Red Hat MRG Realtime for RHEL 6 Server 2 Red Hat Enterprise Linux Workstation Optional 6 Red Hat Enterprise Linux Workstation 6 Red Hat Enterprise Linux Server Optional 6 Red Hat Enterprise Linux Server 6 Red Hat Enterprise Linux HPC Node Optional 6 Red Hat Enterprise Linux HPC Node 6 Red Hat Enterprise Linux Desktop Optional 6 Red Hat Enterprise Linux Desktop 6 Oracle Enterprise Linux 6.2 Oracle Enterprise Linux 6 Oracle Enterprise Linux 5 Linux kernel CentOS CentOS 6
Not Vulnerable:

Linux Kernel CVE-2014-3185 'whiteheat.c' Buffer Overflow Vulnerability

The Linux kernel is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

Attackers can exploit this issue to execute arbitrary code on the system. Failed exploit attempts will likely crash the kernel, denying service to legitimate users.

Linux Kernel CVE-2014-3185 'whiteheat.c' Buffer Overflow Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Linux Kernel CVE-2014-3185 'whiteheat.c' Buffer Overflow Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Linux Kernel CVE-2014-3185 'whiteheat.c' Buffer Overflow Vulnerability

References:

• Linux Homepage (Linux)