PT-2016-3583 · Linux+3 · Linux Kernel+3

Wade Mealing

Publicado

2015-06-03

Atualizado

2021-07-15

CVE-2015-1350

CVSS v3.1

5.5

Média

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions 3.x

Description The issue allows local users to cause a denial of service, specifically capability stripping, via a failed invocation of a system call. This can be demonstrated by using the chown command to remove a capability from certain programs, such as ping or Wireshark dumpcap.

Recommendations For Linux kernel version 3.x, consider restricting the use of the chown command to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the chown command to remove capabilities from sensitive programs.

Exploit

Correção

DoS

Files Accessible to External Parties

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-552

Identificadores relacionados

ALT-PU-2015-1485

ALT-PU-2015-1849

CVE-2015-1350

DLA-772-1

OPENSUSE-SU-2016_3050-1

SUSE-SU-2017:0181-1

SUSE-SU-2017:0333-1

SUSE-SU-2017:0437-1

SUSE-SU-2017:0494-1

SUSE-SU-2017:1102-1

SUSE-SU-2017:1247-1

SUSE-SU-2017:1360-1

USN-3361-1

USN-4904-1

Produtos afetados

Alt Linux

Linux Kernel

Suse

Ubuntu

PT-2016-3583 · Linux+3 · Linux Kernel+3

CVE-2015-1350

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 791