PT-2019-4752 · Linux+5 · Linux Kernel+5

Ori Nimron

·

Publicado

2019-09-20

·

Atualizado

2022-03-31

·

CVE-2019-17055

CVSS v3.1

3.3

Baixa

VetorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions Linux kernel versions through 5.3.2
Description The issue is related to the base sock create function in the AF ISDN network module of the Linux kernel, which lacks sufficient input validation. This can be exploited to impact data integrity. Unprivileged users can create a raw socket due to the lack of enforcement of the CAP NET RAW capability.
Recommendations For Linux kernel versions through 5.3.2, update to a version that contains a fix for this issue to prevent unprivileged users from creating raw sockets. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Missing Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20CWE-862

Identificadores relacionados

ALT-PU-2019-2838
ALT-PU-2019-2845
ALT-PU-2019-2891
ALT-PU-2020-1198
ALT-PU-2020-1501
ALT-PU-2020-1714
ALT-PU-2020-2410
ALT-PU-2020-2433
ALT-PU-2021-1870
BDU:2020-01324
CESA-2020_0790
CESA-2020_1567
CESA-2020_1769
CESA-2020_4060
CVE-2019-17055
DLA-2068-1
DLA-2114-1
OPENSUSE-SU-2019:2503-1
OPENSUSE-SU-2019:2507-1
OPENSUSE-SU-2019_2503-1
OPENSUSE-SU-2019_2507-1
RHSA-2020:0790
RHSA-2020:1567
RHSA-2020:1769
RHSA-2020:4060
RHSA-2020:4062
RHSA-2020_0790
RHSA-2020_1567
RHSA-2020_1769
RHSA-2020_4060
RHSA-2020_4062
SUSE-SU-2019:14218-1
SUSE-SU-2019:2949-1
SUSE-SU-2019:2950-1
SUSE-SU-2019:2951-1
SUSE-SU-2019:2953-1
SUSE-SU-2019:2984-1
SUSE-SU-2019:3200-1
SUSE-SU-2019:3294-1
SUSE-SU-2019:3295-1
SUSE-SU-2019:3317-1
SUSE-SU-2019:3371-1
SUSE-SU-2019:3372-1
SUSE-SU-2019:3381-1
SUSE-SU-2019_14218-1
SUSE-SU-2020:0093-1
USN-4184-1
USN-4185-1
USN-4185-2
USN-4186-1
USN-4186-2

Produtos afetados

Alt Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu