DescriptionThe report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect C library function for copying strings, which allows local users to obtain sensitive information from kernel stack memory by leveraging the CAP_NET_ADMIN capability.
NVD CVSS v2 Base Score: 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N)
Note from the SUSE Security TeamThe affected crypto code was introduced in Linux kernel 3.2 and not backported to older kernel versions. So SUSE Linux Enterprise 11 or earlier versions are not affected by this problem. Novell Bugzilla entry: 809906 SUSE Security Advisories:
- openSUSE-SU-2013:1971-1, published Mon, 30 Dec 2013 21:04:12 +0100 (CET)