DescriptionThe report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect C library function for copying strings, which allows local users to obtain sensitive information from kernel stack memory by leveraging the CAP_NET_ADMIN capability.
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having moderate severity.
|National Vulnerability Database||SUSE|
Note from the SUSE Security TeamThe affected crypto code was introduced in Linux kernel 3.2 and not backported to older kernel versions. So SUSE Linux Enterprise 11 or earlier versions are not affected by this problem. SUSE Bugzilla entry: 809906 [RESOLVED / FIXED] SUSE Security Advisories:
- openSUSE-SU-2013:1971-1, published Mon, 30 Dec 2013 21:04:12 +0100 (CET)