Bug 552742

Summary: Kernel: Off-by-one vulnerability in eCryptfs (CVE-2014-9683)
Product: Gentoo Security
Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: Kernel
Assignee: Gentoo Kernel Security <security-kernel>
Status: RESOLVED FIXED
Severity: normal
CC: kernel
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
Whiteboard:
Package list:
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2015-06-21 13:44:38 UTC
CVE-2014-9683 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9683):
  Off-by-one error in the ecryptfs_decode_from_filename function in
  fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux kernel before
  3.18.2 allows local users to cause a denial of service (buffer overflow and
  system crash) or possibly gain privileges via a crafted filename.