505678 – (CVE-2014-1690) Kernel: netfilter: nf_nat: leakage of uninitialized buffer in IRC NAT helper (CVE-2014-1690)

Bug 505678 (CVE-2014-1690) - Kernel: netfilter: nf_nat: leakage of uninitialized buffer in IRC NAT helper (CVE-2014-1690)

Summary: Kernel: netfilter: nf_nat: leakage of uninitialized buffer in IRC NAT helper ...

Status:	RESOLVED FIXED

Alias:	CVE-2014-1690

Product:	Gentoo Security
Classification:	Unclassified
Component:	Kernel (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Kernel Security

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2014-03-25 12:05 UTC by Agostino Sarubbo
Modified:	2022-03-25 21:45 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Agostino Sarubbo gentoo-dev

2014-03-25 12:05:55 UTC

CVE-2014-1690 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1690):

The help function in net/netfilter/nf_nat_irc.c in the Linux kernel before 3.12.8 allows remote attackers 
to obtain sensitive information from kernel memory by establishing an IRC DCC session in which incorrect 
packet data is transmitted during use of the NAT mangle feature.

Comment 1 GLSAMaker/CVETool Bot gentoo-dev

2014-08-10 22:00:58 UTC

CVE-2014-1690 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1690):
  The help function in net/netfilter/nf_nat_irc.c in the Linux kernel before
  3.12.8 allows remote attackers to obtain sensitive information from kernel
  memory by establishing an IRC DCC session in which incorrect packet data is
  transmitted during use of the NAT mangle feature.

Comment 2 John Helmert III archtester

2022-03-25 21:45:38 UTC

Fix in 3.13, https://github.com/torvalds/linux/commit/2172fa709ab32ca60e86179dc67d0857be8e2c98