PT-2015-7694 · Linux+3 · Linux Kernel+3

Andreas Stieger

Publicado

2015-11-10

Atualizado

2018-10-17

CVE-2015-7990

CVSS v2.0

5.9

Média

Vetor

AV:L/AC:M/Au:N/C:P/I:P/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.3.3

Description A race condition exists in the rds sendmsg function, allowing local users to cause a denial of service, potentially resulting in a system crash, by utilizing a socket that was not properly bound. This issue is a result of an incomplete fix for a previous problem.

Recommendations For Linux kernel versions prior to 4.3.3, update to version 4.3.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the rds sendmsg function to minimize the risk of exploitation.

Exploit

Correção

DoS

Race Condition

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-362

Identificadores relacionados

ALT-PU-2015-2110

ALT-PU-2016-1485

CVE-2015-7990

DLA-360-1

DSA-3396-1

OPENSUSE-SU-2016_0301-1

OPENSUSE-SU-2016_0318-1

SUSE-SU-2015:2108-1

SUSE-SU-2015:2194-1

SUSE-SU-2015:2292-1

SUSE-SU-2015:2339-1

SUSE-SU-2015:2350-1

SUSE-SU-2016:0335-1

SUSE-SU-2016:0337-1

SUSE-SU-2016:0354-1

SUSE-SU-2016:0380-1

SUSE-SU-2016:0381-1

SUSE-SU-2016:0383-1

SUSE-SU-2016:0384-1

SUSE-SU-2016:0386-1

SUSE-SU-2016:0387-1

SUSE-SU-2016:0434-1

SUSE-SU-2016:2074-1

USN-2886-1

USN-2886-2

USN-2887-1

USN-2887-2

USN-2888-1

USN-2889-1

USN-2889-2

USN-2890-1

USN-2890-2

USN-2890-3

Produtos afetados

Alt Linux

Linux Kernel

Suse

Ubuntu

PT-2015-7694 · Linux+3 · Linux Kernel+3

CVE-2015-7990

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 367