CVE-2014-0196

Published: 07/05/2014 Updated: 09/02/2024
CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4
VMScore: 696
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel up to and including 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings.

Vulnerable Product

linux linux kernel 2.6.31

linux linux kernel

debian debian linux 7.0

debian debian linux 6.0

redhat enterprise linux 6.0

redhat enterprise linux server eus 6.3

redhat enterprise linux eus 6.3

redhat enterprise linux eus 6.4

suse suse linux enterprise server 11

suse suse linux enterprise desktop 11

suse suse linux enterprise high availability extension 11

oracle linux 6

canonical ubuntu linux 13.10

canonical ubuntu linux 12.10

canonical ubuntu linux 12.04

canonical ubuntu linux 14.04

canonical ubuntu linux 10.04

f5 big-iq application delivery controller 4.5.0

f5 big-iq centralized management 4.6.0

f5 big-iq cloud and orchestration 1.0.0

f5 big-ip application acceleration manager

f5 big-ip advanced firewall manager

f5 big-ip policy enforcement manager

f5 big-iq security

f5 big-iq device

f5 big-iq cloud

f5 enterprise manager

f5 big-ip access policy manager

f5 big-ip analytics

f5 big-ip application security manager

f5 big-ip edge gateway

f5 big-ip global traffic manager

f5 big-ip link controller

f5 big-ip local traffic manager

f5 big-ip protocol security module

f5 big-ip wan optimization manager

f5 big-ip webaccelerator

Vendor Advisories

Debian Bug report logs - #747166 CVE-2014-0196: pty layer race condition memory corruption Package: linux; Maintainer for linux is Debian Kernel Team <debian-kernel@lists.debian.org>; Reported by: Henri Salo <henri@nerv.fi> Date: Tue, 6 May 2014 07:00:01 UTC Severity: grave Tags: security Found in versions 3241-2 ...
Debian Bug report logs - #747326 CVE-2014-3122: try_to_unmap_cluster() should lock_page() before mlocking Package: linux; Maintainer for linux is Debian Kernel Team <debian-kernel@lists.debian.org>; Reported by: Henri Salo <henri@nerv.fi> Date: Wed, 7 May 2014 14:48:02 UTC Severity: important Tags: fixed-upstream, p ...
The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long str ...
The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioctl call. A flaw was found in the way the Linux ker ...
The system could be made to crash or run programs as an administrator ...
Several security issues were fixed in the kernel ...

Exploits

/* * CVE-2014-0196: Linux kernel <= v3.15-rc4: raw mode PTY local echo race * condition * * Slightly-less-than-POC privilege escalation exploit * For kernels >= v3.14-rc1 * * Matthew Daley <mattd@bugfuzz.com> * * Usage: * $ gcc cve-2014-0196-md.c -lutil -lpthread * $ ./a.out * [+] Resolving symbols * [+] Resolved c ...
Linux Kernel versions above 3.14-rc1 and below 3.15-rc4 raw mode PTY local echo race condition privilege escalation proof of concept exploit. This bug also affects kernel 2.6.31-rc3 and newer ...

Github Repositories

kernel Exploitation: Learning about kernel exploitation and here's a good place to dump information and notes. Kernel for CTF's: speakerdeck.com/yuawn/kernel-exploitation?slide=1 (Slides in Chinese but goldmine of commands); github.com/smallkirby/kernelpwn: Past CTF examples; 3 Part writeup: Gradually builds up protections and great explanation duasyn

CVE-2014-0196: Linux kernel pty layer race condition memory corruption

CVE-2014-0196: The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strin

See cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0196

Recent Articles

How long is too long to wait for a security fix?
The Register • Trevor Pott • 25 Jul 2014

Synology finally patches OpenSSL bugs in Trevor's NAS

Sysadmin blog Synology quietly released version 4.2-3250 of its DiskStation Manager (DSM) operating system this month. This squashes critical security bugs in version 4.2 of DSM – bugs that were fixed in version 5.0 in June, so consider this a back port. Version 4.2 is old but still in use in various models, such as the DS109. The update got me thinking about the security of NASes and similar devices on our networks. New build 3250 addresses a kernel-level security issue as well as the six Ope...

Linux distros fix kernel terminal root-hole bug
The Register • Richard Chirgwin • 14 May 2014

Pseudo-term buffer blunder from 2009 discovered

Linux admins need to get busy patching, as a newly discovered bug has emerged in the kernel's tty handling – and it lets logged-in users crash the system, gain root privileges, or otherwise modify and access data they shouldn't. This memory corruption flaw is certainly nothing like OpenSSL's remotely exploitable Heartbleed – CVE-2014-0196. But this local root hole is problematic where users are sharing the same Linux host in the cloud. Here's how US-CERT described the issue: A user only need...

References

CWE-362
https://bugzilla.redhat.com/show_bug.cgi?id=1094232
http://www.openwall.com/lists/oss-security/2014/05/05/6
http://bugzilla.novell.com/show_bug.cgi?id=875690
http://pastebin.com/raw.php?i=yTSFUBgZ
https://github.com/torvalds/linux/commit/4291086b1f081b869c6d79e5b7441633dc3ace00
http://www.ubuntu.com/usn/USN-2199-1
http://www.debian.org/security/2014/dsa-2928
http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html
http://www.ubuntu.com/usn/USN-2201-1
http://rhn.redhat.com/errata/RHSA-2014-0512.html
http://www.debian.org/security/2014/dsa-2926
http://www.ubuntu.com/usn/USN-2202-1
http://www.ubuntu.com/usn/USN-2196-1
http://www.ubuntu.com/usn/USN-2198-1
http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html
http://www.ubuntu.com/usn/USN-2204-1
http://www.ubuntu.com/usn/USN-2197-1
http://www.ubuntu.com/usn/USN-2200-1
http://www.ubuntu.com/usn/USN-2203-1
http://secunia.com/advisories/59599
http://linux.oracle.com/errata/ELSA-2014-0771.html
http://secunia.com/advisories/59262
http://source.android.com/security/bulletin/2016-07-01.html
http://www.osvdb.org/106646
http://www.exploit-db.com/exploits/33516
http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15319.html
http://secunia.com/advisories/59218
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4291086b1f081b869c6d79e5b7441633dc3ace00
https://nvd.nist.gov
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=747166
https://www.exploit-db.com/exploits/33516/
https://github.com/tempbottle/CVE-2014-0196
https://access.redhat.com/security/cve/cve-2014-0196
https://alas.aws.amazon.com/ALAS-2014-339.html
https://usn.ubuntu.com/2198-1/