HIGH7.8
Уязвимость функции load_elf_binary ядра операционной системы Linux, позволяющая нарушителю выполнить произвольный код
CVSS 3.xВЫСОКАЯ 7.8
CVSS:3.x/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HCVSS 2.0ВЫСОКАЯ 7.2
CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:C/A:C
ALT-PU-2015-1435-1Обновление пакета kernel-image-un-def в ветке t7
Серьёзность:
Закрытые проблемы (4)
LOW3.3
The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message.
CVSS 2.0НИЗКАЯ 3.3
CVSS:2.0/AV:A/AC:L/Au:N/C:N/I:N/A:PСсылки
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6fd99094de2b83d1d4c8457f2c83483b2828e75a
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155804.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155854.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155908.html
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html
- http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html
- http://rhn.redhat.com/errata/RHSA-2015-1221.html
- http://rhn.redhat.com/errata/RHSA-2015-1534.html
- http://rhn.redhat.com/errata/RHSA-2015-1564.html
- http://www.debian.org/security/2015/dsa-3237
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.6
- http://www.openwall.com/lists/oss-security/2015/04/04/2
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.securityfocus.com/bid/74315
- http://www.securitytracker.com/id/1032417
- https://bugzilla.redhat.com/show_bug.cgi?id=1203712
- https://github.com/torvalds/linux/commit/6fd99094de2b83d1d4c8457f2c83483b2828e75a
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6fd99094de2b83d1d4c8457f2c83483b2828e75a
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155804.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155854.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155908.html
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html
- http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html
- http://rhn.redhat.com/errata/RHSA-2015-1221.html
- http://rhn.redhat.com/errata/RHSA-2015-1534.html
- http://rhn.redhat.com/errata/RHSA-2015-1564.html
- http://www.debian.org/security/2015/dsa-3237
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.6
- http://www.openwall.com/lists/oss-security/2015/04/04/2
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.securityfocus.com/bid/74315
- http://www.securitytracker.com/id/1032417
- https://bugzilla.redhat.com/show_bug.cgi?id=1203712
- https://github.com/torvalds/linux/commit/6fd99094de2b83d1d4c8457f2c83483b2828e75a
MEDIUM6.2
Race condition in the prepare_binprm function in fs/exec.c in the Linux kernel before 3.19.6 allows local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but the setuid bit is not yet stripped.
CVSS 2.0СРЕДНЯЯ 6.2
CVSS:2.0/AV:L/AC:H/Au:N/C:C/I:C/A:CСсылки
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8b01fc86b9f425899f8a3a8fc1c47d73c2c20543
- http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157897.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158804.html
- http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00007.html
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.html
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00011.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html
- http://rhn.redhat.com/errata/RHSA-2015-1272.html
- http://www.debian.org/security/2015/dsa-3237
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.6
- http://www.openwall.com/lists/oss-security/2015/04/20/5
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.securitytracker.com/id/1032412
- https://bugzilla.redhat.com/show_bug.cgi?id=1214030
- https://github.com/torvalds/linux/commit/8b01fc86b9f425899f8a3a8fc1c47d73c2c20543
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8b01fc86b9f425899f8a3a8fc1c47d73c2c20543
- http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157897.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158804.html
- http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00007.html
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.html
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00011.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html
- http://rhn.redhat.com/errata/RHSA-2015-1272.html
- http://www.debian.org/security/2015/dsa-3237
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.6
- http://www.openwall.com/lists/oss-security/2015/04/20/5
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.securitytracker.com/id/1032412
- https://bugzilla.redhat.com/show_bug.cgi?id=1214030
- https://github.com/torvalds/linux/commit/8b01fc86b9f425899f8a3a8fc1c47d73c2c20543
HIGH7.8
Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (committed on April 14, 2015). This kernel vulnerability was fixed in April 2015 by commit a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (backported to Linux 3.10.77 in May 2015), but it was not recognized as a security threat. With CONFIG_ARCH_BINFMT_ELF_RANDOMIZE_PIE enabled, and a normal top-down address allocation strategy, load_elf_binary() will attempt to map a PIE binary into an address range immediately below mm->mmap_base. Unfortunately, load_elf_ binary() does not take account of the need to allocate sufficient space for the entire binary which means that, while the first PT_LOAD segment is mapped below mm->mmap_base, the subsequent PT_LOAD segment(s) end up being mapped above mm->mmap_base into the are that is supposed to be the "gap" between the stack and the binary.
CVSS 2.0ВЫСОКАЯ 7.2
CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:C/A:CCVSS 3.xВЫСОКАЯ 7.8
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HСсылки
- http://www.securityfocus.com/bid/101010
- http://www.securitytracker.com/id/1039434
- https://access.redhat.com/errata/RHSA-2017:2793
- https://access.redhat.com/errata/RHSA-2017:2794
- https://access.redhat.com/errata/RHSA-2017:2795
- https://access.redhat.com/errata/RHSA-2017:2796
- https://access.redhat.com/errata/RHSA-2017:2797
- https://access.redhat.com/errata/RHSA-2017:2798
- https://access.redhat.com/errata/RHSA-2017:2799
- https://access.redhat.com/errata/RHSA-2017:2800
- https://access.redhat.com/errata/RHSA-2017:2801
- https://access.redhat.com/errata/RHSA-2017:2802
- https://www.qualys.com/2017/09/26/cve-2017-1000253/cve-2017-1000253.txt
- http://www.securityfocus.com/bid/101010
- http://www.securitytracker.com/id/1039434
- https://access.redhat.com/errata/RHSA-2017:2793
- https://access.redhat.com/errata/RHSA-2017:2794
- https://access.redhat.com/errata/RHSA-2017:2795
- https://access.redhat.com/errata/RHSA-2017:2796
- https://access.redhat.com/errata/RHSA-2017:2797
- https://access.redhat.com/errata/RHSA-2017:2798
- https://access.redhat.com/errata/RHSA-2017:2799
- https://access.redhat.com/errata/RHSA-2017:2800
- https://access.redhat.com/errata/RHSA-2017:2801
- https://access.redhat.com/errata/RHSA-2017:2802
- https://www.qualys.com/2017/09/26/cve-2017-1000253/cve-2017-1000253.txt
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-1000253