PT-2016-6763 · Linux+4 · Linux Kernel+4

Pengfei Wang

Publicado

2016-08-06

Atualizado

2018-01-05

CVE-2016-6136

CVSS v3.1

4.7

Média

Vetor

AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.8

Description The issue is related to a race condition in the audit log single execve arg function, allowing local users to bypass character-set restrictions or disrupt system-call auditing by changing a certain string. This is due to a "double fetch" vulnerability.

Recommendations For Linux kernel versions prior to 4.8, update to version 4.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the audit log single execve arg function until a patch is available.

Correção

Race Condition

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-362

Identificadores relacionados

ALT-PU-2016-1862

ALT-PU-2017-1330

CESA-2016_2574

CESA-2017_0307

CVE-2016-6136

DLA-609-1

DSA-3659-1

RHSA-2016:2574

RHSA-2016:2584

RHSA-2016_2574

RHSA-2016_2584

RHSA-2017:0307

RHSA-2017_0307

USN-3084-1

USN-3084-2

USN-3084-3

USN-3084-4

USN-3097-1

USN-3097-2

USN-3098-1

USN-3098-2

Produtos afetados

Alt Linux

Centos

Linux Kernel

Red Hat

Ubuntu

PT-2016-6763 · Linux+4 · Linux Kernel+4

CVE-2016-6136

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 43