CVE-2014-0196 PoC — Linux kernel n_tty_write’函数竞争条件漏洞

Source

https://github.com/tempbottle/CVE-2014-0196

Associated Vulnerability

Title:Linux kernel n_tty_write’函数竞争条件漏洞 (CVE-2014-0196)
Description:Linux kernel是美国Linux基金会发布的开源操作系统Linux所使用的内核。NFSv4 implementation是其中的一个分布式文件系统协议。 Linux kernel 3.14.3及之前版本的drivers/tty/n_tty.c文件中的‘n_tty_write’函数存在安全漏洞，该漏洞源于程序没有正确管理tty驱动程序的访问权限。本地攻击者可利用该漏洞造成拒绝服务（内存损坏和系统崩溃）或获取特权。

Description

CVE-2014-0196: Linux kernel pty layer race condition memory corruption

Readme

CVE-2014-0196
=============

The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO &amp; !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings.

File Snapshot


 [4.0K]  /data/pocs/f630047526f0e5f4c611383cdefb30e1d6f55b7c
├── [5.2K]  cve-2014-0196-md.c
└── [ 385]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!