PT-2016-7214 · Linux+5 · Linux Kernel+5

Andrej Nemec · Published 2016-10-16 · Updated 2023-02-12 · CVE-2016-7097

CVSS v3.1: 4.4 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

Linux kernel versions through 4.8.2

Description

The issue concerns the filesystem implementation in the Linux kernel, which preserves the setgid bit during a setxattr call. This allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions.

Recommendations

For Linux kernel versions through 4.8.2, update to a version later than 4.8.2 to resolve the issue.

Fix

Improper Authorization

Weakness Enumeration

Related identifiers

ALT-PU-2016-2218
ALT-PU-2017-1330
CESA-2017_0817
CESA-2017_1842
CVE-2016-7097
DLA-772-1
MGASA-2016-0372
OPENSUSE-SU-2016_3021-1
OPENSUSE-SU-2016_3058-1
RHSA-2017:0817
RHSA-2017:1842
RHSA-2017:2077
RHSA-2017:2669
RHSA-2017_0817
RHSA-2017_1842
RHSA-2017_2077
SUSE-SU-2016:2912-1
SUSE-SU-2016:2976-1
SUSE-SU-2016:3304-1
SUSE-SU-2017:0333-1
SUSE-SU-2017:0471-1
SUSE-SU-2017:0494-1
SUSE-SU-2017:1102-1
USN-3146-1
USN-3146-2
USN-3147-1
USN-3161-3
USN-3161-4
USN-3162-2
USN-3422-1
USN-3422-2

Affected products

Alt Linux
CentOS
Linux Kernel
Red Hat
SUSE
Ubuntu