2014-01-06 17:55:09 2014-03-16 05:43:37

The mISDN_sock_recvmsg function in drivers/isdn/mISDN/socket.c in the Linux kernel before 3.12.4 does not ensure that a certain length value is consistent with the size of an associated data structure, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.

Vector

LOCAL

Complexity

LOW

Authentication

NONE

Confidentiality

COMPLETE

Integrity

NONE

Availability

NONE
Linux Linux kernel 3.10.16 (not an official CPE) HP Insight Diagnostics Online Edition For Windows 7.4.0 Linux Linux kernel 3.10.15 (not an official CPE) Linux Linux kernel 3.10.18 (not an official CPE) HP Insight Diagnostics 7.9.1-15 Online Edition for Linux Linux Linux kernel 3.10.17 (not an official CPE) HP Insight Diagnostics 7.9.0.2359 Online Edition for Windows Server 2003 x64 HP Insight Diagnostics 7.9.0 Rev. A Offline Edition HP Insight Diagnostics 7.9.0 Rev. A Offline Edition HP Insight Diagnostics 7.9.1.2401 Online Edition for Windows Server 2003 HP Ignite-UX B.5.4 HP Insight Management Agent 8.40.0.0 HP Insight Diagnostics 7.0.0.1198 Online Edition for Windows 2000 HP Insight Diagnostics 7.7.0.2112 Online Edition for Windows Server 2003 HP Insight Diagnostics 7.5.5.1681 Online Edition for Windows 2000 HP Ignite-UX B.5.3 HP Insight Management Wbem Providers 2.2.1.0 HP Insight Diagnostics 7.7.0 Rev. B Offline Edition HP Insight Diagnostics 7.3.0 Offline Edition HP Ignite-UX C.6.2.241 HP Insight Management Agents 7.10.0.0 HP Insight Management Wbem Providers 2.3.0.0 HP Insight Diagnostics 7.5.5.1681 Online Edition for Windows 2003 x64 HP Insight Diagnostics 7.5.0.1679 Online Edition for Windows 2003 HP Ignite-UX C.6.1 HP Insight Management Agent 8.50.0.0 HP Insight Management Agents 7.0.0.0 HP Insight Diagnostics 7.7.0.2112 Online Edition for Windows Server 2003 HP Insight Diagnostics 7.5.5.1681 Online Edition for Windows Server 2003 HP Ignite-UX B.5.2 HP Insight Diagnostics 7.6.2 Rev. A Offline Edition HP Insight Diagnostics 7.5.5-1 Online Edition for Linux HP Insight Management Agents 7.20.0.0 HP Insight Management Agents 8.70.0.0 HP Insight Diagnostics 7.7.0 Offline Edition HP Insight Diagnostics 7.5.5.1681 Online Edition for Windows 2000 HP Insight Management Agents 6.30.0.0 HP Insight Management Agents 8.70.0.0 (B) HP Insight Diagnostics 7.5.4 Offline Edition HP Insight Management Agent 8.70.0.0 HP Insight Management Wbem Providers 2.4.0.0 HP Insight Diagnostics 7.6.1 Offline Edition HP Insight Diagnostics 7.5.5-1 Online Edition for Linux HP Insight Management Agents 6.40.0.0 HP Insight Management Agents 6.31.0.0 (B) HP Insight Diagnostics 6.5.0 (A) Offline Edition HP Insight Diagnostics 7.7.0-142 Online Edition for Linux HP Insight Management Agents 9.0.0.0 HP Insight Management Suite Linux Linux kernel 3.10.14 (not an official CPE) Linux Linux kernel 3.10.11 (not an official CPE) Linux Linux kernel 3.10.12 (not an official CPE) Linux Linux kernel 3.10.10 (not an official CPE) HP Insight Diagnostics 7.9.1.2401 Online Edition for Windows Server 2003 x64 HP Ignite-UX C.7.11.439 Linux Linux kernel 3.10.13 (not an official CPE) HP Insight Diagnostics 9.4.0.4710 HP Ignite-UX C.7.7.93 HP Insight Diagnostics 7.9.1.2401 Online Edition for Windows Server 2003 x64 HP Ignite-UX B.5.1 Linux Linux kernel 3.10.19 (not an official CPE) HP Insight Diagnostics 7.9.1.2401 Online Edition for Windows Server 2003 HP Ignite-UX C.6.6 HP iNode Management Center PC 5.1 IMC Branch Intelligent Management System Software Module 5.0 HP Imaging Device Functions 10.0 HP iNode Management Center PC 5.1 E0304 HP Ignite-UX B.3.8 HP Insight Control Performance Management 6.2 HP Insight Diagnostics 6.4.1 (A) Offline Edition HP Insight Control Performance Management 6.1 HP Insight Diagnostics 6.4.1 (A) Offline Edition HP Ignite-UX B.4.1 HP Ignite-UX B.4.0 HP Insight Diagnostics 6.5.0 (A) Offline Edition HP Insight Diagnostics 7.0.0-30 Online Edition for Linux HP Ignite-UX B.4.3 HP Insight Management Agents 7.95.0.0 HP Insight Diagnostics 7.0.0-30 Online Edition for Linux HP Ignite-UX B.5.0 HP Insight Control Performance Management 6.0 HP Insight Management Agents 7.40.1.0 HP Ignite-UX B.4.4 HP Insight Control Performance Management 5.2.2 HP Insight Management Agents 7.40.0.0 HP Insight Diagnostics 7.5.0.1679 Online Edition for Windows 2000 HP Ignite-UX B.4.2 HP Insight Diagnostics 7.5.0.1679 Online Edition for Windows 2003 x64 HP Insight Diagnostics 7.5.0-14 Online Edition for Linux HP Insight Diagnostics Online Edition For Windows 8.0.0 HP Insight Diagnostics 7.6.0.1984 Online Edition for Windows Server 2003 HP Insight Diagnostics 7.6.0.1984 Online Edition for Windows 2000 HP Insight Diagnostics Online Edition For Windows 7.8.0 HP Insight Diagnostics 7.6.0.1984 Online Edition for Windows 2003 x64 HP Insight Diagnostics Online Edition For Windows 8.1.1 HP Insight Diagnostics 6.3.0.878 Online Edition for Windows 2000 HP Insight Diagnostics 6.3.0.878 Online Edition for Windows 2003 HP Insight Management Agents 8.11.0.0 HP Insight Management Agents 8.10.0.0 HP Insight Control Server Deployment HP Insight Management Agents 8.1.0.0 HP Insight Management Agents 8.15.0.0 HP Insight Diagnostics 7.4.0.1570 Online Edition for Windows 2000 HP Insight Diagnostics 7.4.0.1570 Online Edition for Windows 2000 HP Insight Diagnostics 7.4.0.1570 Online Edition for Windows 2003 x64 HP Insight Diagnostics 7.4.1 Offline Edition HP Insight Diagnostics 7.4.0.1570 Online Edition for Windows Server 2003 Linux Linux kernel 3.10.7 (not an official CPE) Linux Linux kernel 3.10.4 (not an official CPE) Linux Linux kernel 3.10.5 (not an official CPE) HP Insight Diagnostics 7.4.0 HP Insight Diagnostics 7.4.0-11 Online Edition for Linux Linux Linux kernel 3.10.6 (not an official CPE) HP Insight Diagnostics 7.4.0-11 Online Edition for Linux HP Insight Diagnostics 7.4.1 Offline Edition Linux Linux kernel 3.10.8 (not an official CPE) HP Insight Diagnostics 7.4.0.1570 Online Edition for Windows Server 2003 Linux Linux kernel 3.10.9 (not an official CPE) HP Insight Diagnostics 6.3.1.887 Offline Edition HP Insight Control Performance Management 5.2 HP Insight Management Agents 7.30.0.0 HP Insight Diagnostics 6.2.1 (A) Offline Edition HP Insight Diagnostics 6.3.0-15 Online Edition for Linux HP Insight Diagnostics 6.2.1 (A) Offline Edition HP Insight Diagnostics 7.5.4 Offline Edition HP Insight Management Agent 8.26.0.0 HP Insight Diagnostics 7.6.0.1984 Online Edition for Windows 2000 Linux Linux kernel 3.11.10 (not an official CPE) Linux Linux kernel 3.10.20 (not an official CPE) IMC Branch Intelligent Management System Software Module 7.0 E0201P02 IMC Branch Intelligent Management System Software Module 5.1 Linux Linux kernel 3.10.21 (not an official CPE) IMC Branch Intelligent Management System Software Module 7.0 Linux Linux kernel 3.10.23 (not an official CPE) HP iMC Service Operation Management Software module Linux Linux kernel 3.10.22 (not an official CPE) IMC Branch Intelligent Management System Software Module 5.2 HP Insight Management Agents 8.40.0.0 HP Insight Management Agents 8.50.0.0 HP Insight Management Agents 8.30.0.0 HP Insight Management Agents 8.20.0.0 HP Insight Management Agents 8.5 HP iNode Management Center PC 5.0 HP Insight Management Agents 8.26.0.0 HP Insight Management Agents 8.0.0.0 HP Info Center HP iNode Management Center PC 5.0 E0101 HP Insight Management Agents 8.22.0.0 HP Inkjet 2250 TN HP Insight Management Agents 8.60.0.0 HP Insight Management Agent 7.80.0.0 HP Insight Control Performance Management 5.0 Linux Linux kernel 3.11.2 (not an official CPE) Linux Linux kernel 3.12 (not an official CPE) HP Insight Diagnostics Online Edition For Windows 8.5.0 HP Ignite-UX C.7.2 HP Insight Diagnostics Online Edition For Windows 8.6.0 HP Insight Diagnostics Online Edition For Windows 8.2.5 HP Insight Diagnostics Online Edition For Windows 8.4.0 HP Insight Diagnostics Online Edition For Windows 8.7.0 HP Ignite-UX C.7.5 HP Ignite-UX C.7.4.157 HP Ignite-UX C.7.6.98 HP Ignite-UX C.7.11.444 HP Insight Diagnostics 6.3.1-1 Online Edition for Linux HP Insight Diagnostics 6.3.0.878 Online Edition for Windows 2000 Linux Linux kernel 3.12.1 (not an official CPE) HP Ignite-UX C.7.10.474 HP Insight Control Performance Management 6.3 HP Insight Diagnostics 6.3.0-15 Online Edition for Linux HP Insight Diagnostics 6.0.0 (A) Offline Edition HP Insight Diagnostics 6.0.0 (A) Offline Edition HP Insight Diagnostics 7.6.0-23 Online Edition for Linux HP Insight Diagnostics 7.5.5.1681 Online Edition for Windows Server 2003 HP Insight Management Agent 7.70.0.0 HP Insight Management Agent 7.90.0.0 HP Imaging Device Functions 12.0 HP Imaging Device Functions 11.6 HP Imaging Device Functions 14.0 HP Insight Diagnostics 7.9.0 Offline Edition HP Imaging Device Functions 13.0 HP Insight Diagnostics 7.8.0.2257 Online Edition for Windows Server 2003 x64 HP Insight Diagnostics 7.9.0 IMC Branch Intelligent Management System Software Module HP Imaging Device Functions 9.0 HP Insight Diagnostics 7.9.0 Offline Edition HP Ignite-UX C.6.9.141 HP Ignite-UX C.7.1.92 HP Ignite-UX C.7.0 HP Ignite-UX C.6.8 HP Ignite-UX C.6.9.150 HP Ignite-UX C.6.7 HP Ignite-UX C.7.0.212 HP Ignite-UX C.7.10.472 HP Ignite-UX C.7.1 HP Ignite-UX C.7.4.155 HP Ignite-UX C.7.2.93 HP Ignite-UX C.7.3.144 HP Ignite-UX C.7.6.100 HP Ignite-UX C.7.3.148 Linux Linux kernel 3.11 (not an official CPE) Linux Linux kernel 3.11.1 (not an official CPE) HP Ignite-UX C.6.4 HP Ignite-UX C.6.5 HP Insight Management Agent 8.0.0.0 HP Insight Management Agent 8.20.0.0 HP Insight Management Agent 8.11.0.0 HP Insight Management Agent 8.15.0.0 HP Insight Diagnostics 7.0.1-8 Online Edition for Linux HP Insight Diagnostics 7.0.1.1219 Online Edition for Windows 2000 HP Insight Diagnostics 7.0.2 (A) Offline Edition HP Insight Diagnostics 7.0.1.1219 Online Edition for Windows 2000 HP Insight Management Agents 7.91.0.0 HP Insight Management Agents 7.70.0.0 HP Insight Diagnostics 7.0.1.1219 Online Edition for Windows Server 2003 HP Insight Management Agents 7.80.0.0 HP Image Zone 4.5 HP Insight Management Agents 7.60.0.0 HP Insight Management Agents 7.41.0.0 HP Insight Management Agents 7.50.0.0 HP Insight Management Agents 7.90.0.0 HP Imaging Barcode Scanner BW868AA HP Ignite-UX C.7.9.261 HP Ignite-UX C.7.9.260 HP Image Zone 4.7 HP Insight Management Agents 7.51.0.0 HP Image Zone 5.3 HP Image Zone Express 1.5.1.29 HP Insight Management Agent 8.60.0.0 HP Insight Diagnostics 7.5.0-14 Online Edition for Linux HP Ignite-UX C.7.8 HP Ignite-UX C.7.9.254 Linux Linux kernel 3.12.3 (not an official CPE) HP Ignite-UX C.7.7.98 Linux Linux kernel 3.12.2 (not an official CPE) HP Insight Diagnostics 7.8.0.2257 Online Edition for Windows Server 2003 Linux Linux kernel 3.11.8 (not an official CPE) HP Insight Diagnostics 7.8.0.2257 Online Edition for Windows Server 2003 HP Insight Diagnostics 7.8.0-159 Online Edition for Linux Linux Linux kernel 3.11.7 (not an official CPE) HP Insight Diagnostics 7.9.0.2359 Online Edition for Windows Server 2003 x64 HP Insight Diagnostics 7.9.0.2359 Online Edition for Windows Server 2003 Linux Linux kernel 3.11.5 (not an official CPE) HP Insight Diagnostics Online Edition For Windows 8.1.5 HP Imaging Device Functions 7.0 HP Insight Diagnostics 7.9.0-105 Online Edition for Linux HP Insight Diagnostics 7.7.101 (2097) Offline Edition HP Imaging Device Functions 5.3 Linux Linux kernel 3.11.4 (not an official CPE) HP Insight Diagnostics 7.8.0.2257 Online Edition for Windows Server 2003 x64 HP Imaging Device Functions 8.0 Linux Linux kernel 3.11.9 (not an official CPE) Linux Linux kernel 3.11.6 (not an official CPE) HP Imaging Device Functions 6.0 Linux Linux kernel 3.11.3 (not an official CPE) HP Insight Diagnostics Online Edition For Windows 7.6.0 HP Ignite-UX C.6.2 HP Insight Management Wbem Providers For Windows Server 2003/2008 2.5.0.0 (x64) 64-bit HP Ignite-UX C.6.3 HP Insight Management Wbem Providers For Windows Server 2003/2008 2.5.0.0 HP Ignite-UX C.6.10 HP Insight Diagnostics 7.6.0 Offline Edition HP Insight Diagnostics 7.6.0-23 Online Edition for Linux HP Insight Diagnostics 7.6.0 Offline Edition HP Insight Management Wbem Providers 2.8.0.0 HP Insight Management Wbem Providers For Windows Server 2003/2008 2.3.0.0 (x64) 64-bit HP Insight Management Wbem Providers For Windows Server 2003/2008 2.4.0.0 (x64) 64-bit HP Insight Management Wbem Providers For Windows Server 2003/2008 2.3.0.0 HP Insight Management Wbem Providers For Windows Server 2003/2008 2.2.1.0 HP Insight Management Agent 8.30.0.0 HP Insight Management Wbem Providers 2.6.0.0 HP Insight Management Wbem Providers For Windows Server 2003/2008 2.4.0.0 HP Insight Management Wbem Providers For Windows Server 2003/2008 2.2.1.0 (x64) 64-bit HP Insight Management Wbem Providers 2.5.0.0 HP Insight Management Wbem Providers 2.7.0.0 HP Insight Diagnostics 7.0.1-8 Online Edition for Linux HP Insight Diagnostics 7.0.2 (A) Offline Edition HP Insight Diagnostics 7.3.0 Offline Edition HP Insight Diagnostics 7.0.1.1219 Online Edition for Windows Server 2003 HP Insight Diagnostics 7.0.0.1198 Online Edition for Windows 2000 HP Insight Diagnostics 7.5.2 Offline Edition HP Insight Diagnostics 7.5.0.1679 Online Edition for Windows 2000 HP Insight Diagnostics 7.5.2 Offline Edition HP Insight Diagnostics 6.3.1-1 Online Edition for Linux

Improper Input Validation (ID 20)

Related CAPEC 58 Buffer Overflow via Environment Variables (CAPEC-ID 10) Server Side Include (SSI) Injection (CAPEC-ID 101) Cross Zone Scripting (CAPEC-ID 104) Cross Site Scripting through Log Files (CAPEC-ID 106) Command Line Execution through SQL Injection (CAPEC-ID 108) Object Relational Mapping Injection (CAPEC-ID 109) SQL Injection through SOAP Parameter Tampering (CAPEC-ID 110) Subverting Environment Variable Values (CAPEC-ID 13) Format String Injection (CAPEC-ID 135) LDAP Injection (CAPEC-ID 136) Relative Path Traversal (CAPEC-ID 139) Client-side Injection-induced Buffer Overflow (CAPEC-ID 14) Variable Manipulation (CAPEC-ID 171) Embedding Scripts in Non-Script Elements (CAPEC-ID 18) Flash Injection (CAPEC-ID 182) Cross-Site Scripting Using Alternate Syntax (CAPEC-ID 199) Exploiting Trust in Client (aka Make the Client Invisible) (CAPEC-ID 22) XML Nested Payloads (CAPEC-ID 230) XML Oversized Payloads (CAPEC-ID 231) Filter Failure through Buffer Overflow (CAPEC-ID 24) Cross-Site Scripting via Encoded URI Schemes (CAPEC-ID 244) XML Injection (CAPEC-ID 250) Environment Variable Manipulation (CAPEC-ID 264) Global variable manipulation (CAPEC-ID 265) Leverage Alternate Encoding (CAPEC-ID 267) Fuzzing (CAPEC-ID 28) Using Leading 'Ghost' Character Sequences to Bypass Input Filters (CAPEC-ID 3) Accessing/Intercepting/Modifying HTTP Cookies (CAPEC-ID 31) Embedding Scripts in HTTP Query Strings (CAPEC-ID 32) MIME Conversion (CAPEC-ID 42) Exploiting Multiple Input Interpretation Layers (CAPEC-ID 43) Buffer Overflow via Symbolic Links (CAPEC-ID 45) Overflow Variables and Tags (CAPEC-ID 46) Buffer Overflow via Parameter Expansion (CAPEC-ID 47) Signature Spoof (CAPEC-ID 473) XML Client-Side Attack (CAPEC-ID 484) Embedding NULL Bytes (CAPEC-ID 52) Postfix, Null Terminate, and Backslash (CAPEC-ID 53) Simple Script Injection (CAPEC-ID 63) Using Slashes and URL Encoding Combined to Bypass Validation Logic (CAPEC-ID 64) SQL Injection (CAPEC-ID 66) String Format Overflow in syslog() (CAPEC-ID 67) Blind SQL Injection (CAPEC-ID 7) Using Unicode Encoding to Bypass Validation Logic (CAPEC-ID 71) URL Encoding (CAPEC-ID 72) User-Controlled Filename (CAPEC-ID 73) Using Escaped Slashes in Alternate Encoding (CAPEC-ID 78) Using Slashes in Alternate Encoding (CAPEC-ID 79) Buffer Overflow in an API Call (CAPEC-ID 8) Using UTF-8 Encoding to Bypass Validation Logic (CAPEC-ID 80) Web Logs Tampering (CAPEC-ID 81) XPath Injection (CAPEC-ID 83) AJAX Fingerprinting (CAPEC-ID 85) Embedding Script (XSS) in HTTP Headers (CAPEC-ID 86) OS Command Injection (CAPEC-ID 88) Buffer Overflow in Local Command-Line Utilities (CAPEC-ID 9) XSS in IMG Tags (CAPEC-ID 91) XML Parser Attack (CAPEC-ID 99)