PT-2019-5696 · Linux+3 · Linux Kernel+3

Ori Nimron

·

Publicado

2019-09-24

·

Atualizado

2021-05-28

·

CVE-2019-17056

CVSS v3.1

3.3

Baixa

VetorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions Linux kernel versions through 5.3.2
Description The issue is related to the llcp sock create function in the AF NFC network module, which does not properly enforce the CAP NET RAW capability. This means that unprivileged users can create a raw socket. The vulnerability is associated with a lack of standard permission mechanisms, which could allow an attacker to impact data integrity.
Recommendations For Linux kernel versions through 5.3.2, update to a version that contains a fix for this issue to prevent unprivileged users from creating raw sockets. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Incorrect Default Permissions

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-276

Identificadores relacionados

ALT-PU-2019-2838
ALT-PU-2019-2845
ALT-PU-2019-2891
ALT-PU-2020-1198
ALT-PU-2020-1501
ALT-PU-2020-1714
ALT-PU-2020-2410
ALT-PU-2020-2433
ALT-PU-2021-1870
BDU:2020-05796
CVE-2019-17056
DLA-2068-1
DLA-2114-1
OPENSUSE-SU-2019:2392-1
OPENSUSE-SU-2019:2444-1
OPENSUSE-SU-2019_2392-1
OPENSUSE-SU-2019_2444-1
SUSE-SU-2019:2879-1
SUSE-SU-2019:2946-1
SUSE-SU-2019:2947-1
SUSE-SU-2019:2949-1
SUSE-SU-2019:2950-1
SUSE-SU-2019:2951-1
SUSE-SU-2019:2952-1
SUSE-SU-2019:2953-1
SUSE-SU-2019:2984-1
SUSE-SU-2019:3200-1
SUSE-SU-2019:3294-1
SUSE-SU-2019:3295-1
SUSE-SU-2020:0093-1
USN-4184-1
USN-4185-1
USN-4185-2
USN-4186-1
USN-4186-2

Produtos afetados

Alt Linux
Linux Kernel
Suse
Ubuntu