PT-2017-15013 · Linux+4 · Linux Kernel+4

Published: 2017-12-15 · Updated: 2020-04-08 · CVE-2017-17807

CVSS v3.1: 3.3 (Low)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 4.14.6

Description

The KEYS subsystem in the Linux kernel failed to perform an access-control check when adding a key to the current task's "default request-key keyring" via the request_key() system call. This allowed a local user to use a sequence of crafted system calls to add keys to a keyring on which they held only Search permission, not Write permission. The flaw is related to the construct_get_dest_keyring() function in security/keys/request_key.c.

Recommendations

For Linux kernel versions prior to 4.14.6, update to version 4.14.6 or later to resolve the issue.

Fix

Missing Authorization

Weakness Enumeration

Related Identifiers

ALT-PU-2017-2802
ALT-PU-2018-1991
CESA-2020_1016
CVE-2017-17807
DLA-1232-1
DSA-4073-1
DSA-4082-1
RHSA-2020:1016
RHSA-2020:1070
RHSA-2020_1016
RHSA-2020_1070
USN-3617-1
USN-3617-2
USN-3617-3
USN-3619-1
USN-3619-2
USN-3620-1
USN-3620-2
USN-3632-1

Affected Products

Alt Linux
CentOS
Linux Kernel
Red Hat
Ubuntu