PT-2016-4989 · Linux+4 · Linux Kernel+4

Marcel Holtmann · Published 2015-11-18 · Updated 2018-08-30 · CVE-2016-2053

CVSS v3.1: 4.7 (Medium)

Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 4.3

Description

The issue allows attackers to cause a denial of service (kernel panic) through an ASN.1 BER file that lacks a public key. The panic results from mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c when the asn1_ber_decoder function in lib/asn1_decoder.c is used.

Recommendations

For Linux kernel versions prior to 4.3, update to version 4.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of ASN.1 BER files that lack a public key to minimize the risk of exploitation.

Fix

DoS

Weakness Enumeration

Related Identifiers

ALT-PU-2015-2010
ALT-PU-2016-1485
CESA-2016_2574
CVE-2016-2053
OPENSUSE-SU-2016_1641-1
OPENSUSE-SU-2016_2144-1
OPENSUSE-SU-2016_2184-1
RHSA-2016:2574
RHSA-2016:2584
RHSA-2016_2574
RHSA-2016_2584
SUSE-SU-2016:1672-1
SUSE-SU-2016:1690-1
SUSE-SU-2016:1937-1
SUSE-SU-2016:1961-1
SUSE-SU-2016:1985-1
SUSE-SU-2016:1994-1
SUSE-SU-2016:1995-1
SUSE-SU-2016:2000-1
SUSE-SU-2016:2001-1
SUSE-SU-2016:2002-1
SUSE-SU-2016:2003-1
SUSE-SU-2016:2005-1
SUSE-SU-2016:2006-1
SUSE-SU-2016:2007-1
SUSE-SU-2016:2009-1
SUSE-SU-2016:2010-1
SUSE-SU-2016:2011-1
SUSE-SU-2016:2014-1
SUSE-SU-2016:2105-1
SUSE-SU-2016:2245-1

Affected Products

Alt Linux
Centos
Linux Kernel
Red Hat
Suse