PT-2016-5378 · Linux+5 · Linux Kernel+5

Ben Hawkes

·

Publicado

2016-03-09

·

Atualizado

2024-06-15

·

CVE-2016-3134

CVSS v3.1

8.4

Alta

VetorAV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.5.2
Description The issue concerns the netfilter subsystem in the Linux kernel, which fails to validate certain offset fields. This allows local users to gain privileges or cause a denial of service, resulting in heap memory corruption, through an IPT SO SET REPLACE setsockopt call.
Recommendations For Linux kernel versions prior to 4.5.2, update to version 4.5.2 or later to resolve the issue.

Exploit

Correção

DoS

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

ALT-PU-2016-1470
ALT-PU-2017-1330
CESA-2016_1847
CVE-2016-3134
DLA-516-1
DSA-3607-1
OPENSUSE-SU-2016_1641-1
OPENSUSE-SU-2016_2144-1
OPENSUSE-SU-2016_2290-1
OPENSUSE-SU-2024:10128-1
RHSA-2016:1847
RHSA-2016:1875
RHSA-2016:1883
RHSA-2016_1847
RHSA-2016_1875
SUSE-SU-2016:1672-1
SUSE-SU-2016:1690-1
SUSE-SU-2016:1696-1
SUSE-SU-2016:1764-1
SUSE-SU-2016:1961-1
SUSE-SU-2016:1985-1
SUSE-SU-2016:1994-1
SUSE-SU-2016:1995-1
SUSE-SU-2016:2000-1
SUSE-SU-2016:2001-1
SUSE-SU-2016:2002-1
SUSE-SU-2016:2005-1
SUSE-SU-2016:2006-1
SUSE-SU-2016:2007-1
SUSE-SU-2016:2009-1
SUSE-SU-2016:2010-1
SUSE-SU-2016:2014-1
SUSE-SU-2016:2074-1
SUSE-SU-2016:2245-1
USN-2929-1
USN-2929-2
USN-2930-1
USN-2930-2
USN-2930-3
USN-2931-1
USN-2932-1
USN-3049-1
USN-3050-1

Produtos afetados

Alt Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu