Information on CVE-2014-0196 Vulnerability for CentOS and Ubuntu

A vulnerability found in the Linux kernel, specifically a flaw with the pseudo tty (pty) device, allows an unprivileged user to cause a denial of service (system crash) or potentially gain administrator privileges. A small number of CentOS and Ubuntu versions are vulnerable, thus we want to highlight the following information:

Additional information for Ubuntu can be found here.

Additional information for CentOS can be found here.

We also have tutorials on How To Update the Kernel in CentOS / Red Hat and How To Check the Kernel Version in Linux / Ubuntu / CentOS.

MITRE CVE describes the issue as follows:

The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the “LECHO & !OPOST” case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings.

Further information on CVE-2014-0196 is available from the NIST NVD and MITRE CVE dictionary.

Be Sociable, Share!
Here's $75, Launch a New VPS Today. Find out why 30,000 customers have chosen our Best-in-Class Performance & 24x7 Heroic Support.