PT-2016-3583 · Linux+3 · Linux Kernel+3

Wade Mealing

Published

2015-06-03

Updated

2021-07-15

CVE-2015-1350

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions 3.x

Description The issue allows local users to cause a denial of service, specifically capability stripping, via a failed invocation of a system call. This can be demonstrated by using the chown command to remove a capability from certain programs, such as ping or Wireshark dumpcap.

Recommendations For Linux kernel version 3.x, consider restricting the use of the chown command to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the chown command to remove capabilities from sensitive programs.

Exploit

Fix

DoS

Files Accessible to External Parties

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-552

Related Identifiers

ALT-PU-2015-1485

ALT-PU-2015-1849

CVE-2015-1350

DLA-772-1

OPENSUSE-SU-2016_3050-1

SUSE-SU-2017:0181-1

SUSE-SU-2017:0333-1

SUSE-SU-2017:0437-1

SUSE-SU-2017:0494-1

SUSE-SU-2017:1102-1

SUSE-SU-2017:1247-1

SUSE-SU-2017:1360-1

USN-3361-1

USN-4904-1

Affected Products

Alt Linux

Linux Kernel

Suse

Ubuntu

PT-2016-3583 · Linux+3 · Linux Kernel+3

CVE-2015-1350

Weakness Enumeration

Related Identifiers

Affected Products

References · 791