Vulnerability-Lookup

CVE-2016-1237 (GCVE-0-2016-1237)

Vulnerability from cvelistv5 – Published: 2016-06-29 14:00 – Updated: 2024-08-05 22:48

Summary

nfsd in the Linux kernel through 4.6.3 allows local users to bypass intended file-permission restrictions by setting a POSIX ACL, related to nfs2acl.c, nfs3acl.c, and nfs4acl.c.

Severity ?

No CVSS data available.

CWE

Assigner

debian

References

URL

Tags

	http://www.ubuntu.com/usn/USN-3070-1	vendor-advisoryx_refsource_UBUNTU
	https://bugzilla.redhat.com/show_bug.cgi?id=1350845	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-3053-1	vendor-advisoryx_refsource_UBUNTU
	http://www.openwall.com/lists/oss-security/2016/06/25/2	mailing-listx_refsource_MLIST
	http://www.ubuntu.com/usn/USN-3070-3	vendor-advisoryx_refsource_UBUNTU
	http://www.debian.org/security/2016/dsa-3607	vendor-advisoryx_refsource_DEBIAN
	http://www.ubuntu.com/usn/USN-3070-2	vendor-advisoryx_refsource_UBUNTU
	https://github.com/torvalds/linux/commit/99965378…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/91456	vdb-entryx_refsource_BID
	http://www.ubuntu.com/usn/USN-3070-4	vendor-advisoryx_refsource_UBUNTU
	http://git.kernel.org/cgit/linux/kernel/git/torva…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:48:13.629Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-3070-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3070-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1350845"
          },
          {
            "name": "USN-3053-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3053-1"
          },
          {
            "name": "[oss-security] 20160625 Linux CVE-2016-1237: nfsd: any user can set a file\u0027s ACL over NFS and grant access to it",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/06/25/2"
          },
          {
            "name": "USN-3070-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3070-3"
          },
          {
            "name": "DSA-3607",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3607"
          },
          {
            "name": "USN-3070-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3070-2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/999653786df6954a31044528ac3f7a5dadca08f4"
          },
          {
            "name": "91456",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91456"
          },
          {
            "name": "USN-3070-4",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3070-4"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=999653786df6954a31044528ac3f7a5dadca08f4"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-06-25T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "nfsd in the Linux kernel through 4.6.3 allows local users to bypass intended file-permission restrictions by setting a POSIX ACL, related to nfs2acl.c, nfs3acl.c, and nfs4acl.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-25T20:57:01.000Z",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "name": "USN-3070-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3070-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1350845"
        },
        {
          "name": "USN-3053-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3053-1"
        },
        {
          "name": "[oss-security] 20160625 Linux CVE-2016-1237: nfsd: any user can set a file\u0027s ACL over NFS and grant access to it",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/06/25/2"
        },
        {
          "name": "USN-3070-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3070-3"
        },
        {
          "name": "DSA-3607",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3607"
        },
        {
          "name": "USN-3070-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3070-2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/999653786df6954a31044528ac3f7a5dadca08f4"
        },
        {
          "name": "91456",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/91456"
        },
        {
          "name": "USN-3070-4",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3070-4"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=999653786df6954a31044528ac3f7a5dadca08f4"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "ID": "CVE-2016-1237",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "nfsd in the Linux kernel through 4.6.3 allows local users to bypass intended file-permission restrictions by setting a POSIX ACL, related to nfs2acl.c, nfs3acl.c, and nfs4acl.c."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-3070-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3070-1"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1350845",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1350845"
            },
            {
              "name": "USN-3053-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3053-1"
            },
            {
              "name": "[oss-security] 20160625 Linux CVE-2016-1237: nfsd: any user can set a file\u0027s ACL over NFS and grant access to it",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/06/25/2"
            },
            {
              "name": "USN-3070-3",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3070-3"
            },
            {
              "name": "DSA-3607",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3607"
            },
            {
              "name": "USN-3070-2",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3070-2"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/999653786df6954a31044528ac3f7a5dadca08f4",
              "refsource": "CONFIRM",
              "url": "https://github.com/torvalds/linux/commit/999653786df6954a31044528ac3f7a5dadca08f4"
            },
            {
              "name": "91456",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/91456"
            },
            {
              "name": "USN-3070-4",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3070-4"
            },
            {
              "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=999653786df6954a31044528ac3f7a5dadca08f4",
              "refsource": "CONFIRM",
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=999653786df6954a31044528ac3f7a5dadca08f4"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2016-1237",
    "datePublished": "2016-06-29T14:00:00.000Z",
    "dateReserved": "2015-12-27T00:00:00.000Z",
    "dateUpdated": "2024-08-05T22:48:13.629Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CNVD-2016-04387

Vulnerability from cnvd - Published: 2016-06-30

Title

Linux kernel nfsd权限获取漏洞

Description

Linux kernel是美国Linux基金会发布的操作系统Linux所使用的内核。nfsd是NFS（Network File System，网络文件系统）服务器中的一个守护进程。 Linux kernel的nfsd中存在安全漏洞。攻击者可利用该漏洞为文件设置访问控制列表，获取访问权限。

Severity

高

Patch Name

Linux kernel nfsd权限获取漏洞的补丁

Patch Description

Linux kernel是美国Linux基金会发布的操作系统Linux所使用的内核。nfsd是NFS（Network File System，网络文件系统）服务器中的一个守护进程。 Linux kernel的nfsd中存在安全漏洞。攻击者可利用该漏洞为文件设置访问控制列表，获取访问权限。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： https://git.kernel.org/linus/4ac7249ea5a0ceef9f8269f63f33cc873c3fac61

Reference

http://www.openwall.com/lists/oss-security/2016/06/25/2

Impacted products

Name
Linux Kernel

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-1237"
    }
  },
  "description": "Linux kernel\u662f\u7f8e\u56fdLinux\u57fa\u91d1\u4f1a\u53d1\u5e03\u7684\u64cd\u4f5c\u7cfb\u7edfLinux\u6240\u4f7f\u7528\u7684\u5185\u6838\u3002nfsd\u662fNFS\uff08Network File System\uff0c\u7f51\u7edc\u6587\u4ef6\u7cfb\u7edf\uff09\u670d\u52a1\u5668\u4e2d\u7684\u4e00\u4e2a\u5b88\u62a4\u8fdb\u7a0b\u3002\r\n\r\nLinux kernel\u7684nfsd\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4e3a\u6587\u4ef6\u8bbe\u7f6e\u8bbf\u95ee\u63a7\u5236\u5217\u8868\uff0c\u83b7\u53d6\u8bbf\u95ee\u6743\u9650\u3002",
  "discovererName": "Salvatore Bonaccorso",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://git.kernel.org/linus/4ac7249ea5a0ceef9f8269f63f33cc873c3fac61",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-04387",
  "openTime": "2016-06-30",
  "patchDescription": "Linux kernel\u662f\u7f8e\u56fdLinux\u57fa\u91d1\u4f1a\u53d1\u5e03\u7684\u64cd\u4f5c\u7cfb\u7edfLinux\u6240\u4f7f\u7528\u7684\u5185\u6838\u3002nfsd\u662fNFS\uff08Network File System\uff0c\u7f51\u7edc\u6587\u4ef6\u7cfb\u7edf\uff09\u670d\u52a1\u5668\u4e2d\u7684\u4e00\u4e2a\u5b88\u62a4\u8fdb\u7a0b\u3002\r\n\r\nLinux kernel\u7684nfsd\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4e3a\u6587\u4ef6\u8bbe\u7f6e\u8bbf\u95ee\u63a7\u5236\u5217\u8868\uff0c\u83b7\u53d6\u8bbf\u95ee\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Linux kernel nfsd\u6743\u9650\u83b7\u53d6\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Linux Kernel"
  },
  "referenceLink": "http://www.openwall.com/lists/oss-security/2016/06/25/2",
  "serverity": "\u9ad8",
  "submitTime": "2016-06-28",
  "title": "Linux kernel nfsd\u6743\u9650\u83b7\u53d6\u6f0f\u6d1e"
}

FKIE_CVE-2016-1237

Vulnerability from fkie_nvd - Published: 2016-06-29 14:10 - Updated: 2025-04-12 10:46

Severity ?

5.5 (Medium) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

nfsd in the Linux kernel through 4.6.3 allows local users to bypass intended file-permission restrictions by setting a POSIX ACL, related to nfs2acl.c, nfs3acl.c, and nfs4acl.c.

References

URL	Tags
security@debian.org	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=999653786df6954a31044528ac3f7a5dadca08f4	Vendor Advisory
security@debian.org	http://www.debian.org/security/2016/dsa-3607
security@debian.org	http://www.openwall.com/lists/oss-security/2016/06/25/2
security@debian.org	http://www.securityfocus.com/bid/91456
security@debian.org	http://www.ubuntu.com/usn/USN-3053-1
security@debian.org	http://www.ubuntu.com/usn/USN-3070-1
security@debian.org	http://www.ubuntu.com/usn/USN-3070-2
security@debian.org	http://www.ubuntu.com/usn/USN-3070-3
security@debian.org	http://www.ubuntu.com/usn/USN-3070-4
security@debian.org	https://bugzilla.redhat.com/show_bug.cgi?id=1350845
security@debian.org	https://github.com/torvalds/linux/commit/999653786df6954a31044528ac3f7a5dadca08f4	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=999653786df6954a31044528ac3f7a5dadca08f4	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2016/dsa-3607
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2016/06/25/2
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/91456
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-3053-1
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-3070-1
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-3070-2
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-3070-3
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-3070-4
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=1350845
af854a3a-2127-422b-91ae-364da2661108	https://github.com/torvalds/linux/commit/999653786df6954a31044528ac3f7a5dadca08f4	Vendor Advisory

Impacted products

	Vendor	Product	Version
	linux	linux_kernel	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC099084-12C9-4396-ABC7-F389CFAD871E",
              "versionEndIncluding": "4.6.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "nfsd in the Linux kernel through 4.6.3 allows local users to bypass intended file-permission restrictions by setting a POSIX ACL, related to nfs2acl.c, nfs3acl.c, and nfs4acl.c."
    },
    {
      "lang": "es",
      "value": "nfsd en el kernel de Linux hasta la versi\u00f3n 4.6.3 permite a usuarios locales eludir las restricciones destinadas al permiso de archivo ajustando una POSIX ACL relacionada con nfs2acl.c, nfs3acl.c y nfs4acl.c."
    }
  ],
  "id": "CVE-2016-1237",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.9,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-06-29T14:10:01.457",
  "references": [
    {
      "source": "security@debian.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=999653786df6954a31044528ac3f7a5dadca08f4"
    },
    {
      "source": "security@debian.org",
      "url": "http://www.debian.org/security/2016/dsa-3607"
    },
    {
      "source": "security@debian.org",
      "url": "http://www.openwall.com/lists/oss-security/2016/06/25/2"
    },
    {
      "source": "security@debian.org",
      "url": "http://www.securityfocus.com/bid/91456"
    },
    {
      "source": "security@debian.org",
      "url": "http://www.ubuntu.com/usn/USN-3053-1"
    },
    {
      "source": "security@debian.org",
      "url": "http://www.ubuntu.com/usn/USN-3070-1"
    },
    {
      "source": "security@debian.org",
      "url": "http://www.ubuntu.com/usn/USN-3070-2"
    },
    {
      "source": "security@debian.org",
      "url": "http://www.ubuntu.com/usn/USN-3070-3"
    },
    {
      "source": "security@debian.org",
      "url": "http://www.ubuntu.com/usn/USN-3070-4"
    },
    {
      "source": "security@debian.org",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1350845"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/torvalds/linux/commit/999653786df6954a31044528ac3f7a5dadca08f4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=999653786df6954a31044528ac3f7a5dadca08f4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2016/dsa-3607"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2016/06/25/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/91456"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-3053-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-3070-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-3070-2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-3070-3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-3070-4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1350845"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/torvalds/linux/commit/999653786df6954a31044528ac3f7a5dadca08f4"
    }
  ],
  "sourceIdentifier": "security@debian.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2016-1237

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

nfsd in the Linux kernel through 4.6.3 allows local users to bypass intended file-permission restrictions by setting a POSIX ACL, related to nfs2acl.c, nfs3acl.c, and nfs4acl.c.

Aliases

CVE-2016-1237

Aliases

CVE-2016-1237

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-1237",
    "description": "nfsd in the Linux kernel through 4.6.3 allows local users to bypass intended file-permission restrictions by setting a POSIX ACL, related to nfs2acl.c, nfs3acl.c, and nfs4acl.c.",
    "id": "GSD-2016-1237",
    "references": [
      "https://www.suse.com/security/cve/CVE-2016-1237.html",
      "https://www.debian.org/security/2016/dsa-3607",
      "https://ubuntu.com/security/CVE-2016-1237",
      "https://advisories.mageia.org/CVE-2016-1237.html",
      "https://alas.aws.amazon.com/cve/html/CVE-2016-1237.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-1237"
      ],
      "details": "nfsd in the Linux kernel through 4.6.3 allows local users to bypass intended file-permission restrictions by setting a POSIX ACL, related to nfs2acl.c, nfs3acl.c, and nfs4acl.c.",
      "id": "GSD-2016-1237",
      "modified": "2023-12-13T01:21:24.186158Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@debian.org",
        "ID": "CVE-2016-1237",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "nfsd in the Linux kernel through 4.6.3 allows local users to bypass intended file-permission restrictions by setting a POSIX ACL, related to nfs2acl.c, nfs3acl.c, and nfs4acl.c."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "USN-3070-1",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/USN-3070-1"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1350845",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1350845"
          },
          {
            "name": "USN-3053-1",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/USN-3053-1"
          },
          {
            "name": "[oss-security] 20160625 Linux CVE-2016-1237: nfsd: any user can set a file\u0027s ACL over NFS and grant access to it",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2016/06/25/2"
          },
          {
            "name": "USN-3070-3",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/USN-3070-3"
          },
          {
            "name": "DSA-3607",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2016/dsa-3607"
          },
          {
            "name": "USN-3070-2",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/USN-3070-2"
          },
          {
            "name": "https://github.com/torvalds/linux/commit/999653786df6954a31044528ac3f7a5dadca08f4",
            "refsource": "CONFIRM",
            "url": "https://github.com/torvalds/linux/commit/999653786df6954a31044528ac3f7a5dadca08f4"
          },
          {
            "name": "91456",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/91456"
          },
          {
            "name": "USN-3070-4",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/USN-3070-4"
          },
          {
            "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=999653786df6954a31044528ac3f7a5dadca08f4",
            "refsource": "CONFIRM",
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=999653786df6954a31044528ac3f7a5dadca08f4"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.6.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "ID": "CVE-2016-1237"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "nfsd in the Linux kernel through 4.6.3 allows local users to bypass intended file-permission restrictions by setting a POSIX ACL, related to nfs2acl.c, nfs3acl.c, and nfs4acl.c."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-284"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1350845",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1350845"
            },
            {
              "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=999653786df6954a31044528ac3f7a5dadca08f4",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=999653786df6954a31044528ac3f7a5dadca08f4"
            },
            {
              "name": "[oss-security] 20160625 Linux CVE-2016-1237: nfsd: any user can set a file\u0027s ACL over NFS and grant access to it",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.openwall.com/lists/oss-security/2016/06/25/2"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/999653786df6954a31044528ac3f7a5dadca08f4",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://github.com/torvalds/linux/commit/999653786df6954a31044528ac3f7a5dadca08f4"
            },
            {
              "name": "USN-3070-2",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-3070-2"
            },
            {
              "name": "91456",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/91456"
            },
            {
              "name": "USN-3070-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-3070-1"
            },
            {
              "name": "USN-3053-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-3053-1"
            },
            {
              "name": "DSA-3607",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2016/dsa-3607"
            },
            {
              "name": "USN-3070-3",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-3070-3"
            },
            {
              "name": "USN-3070-4",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-3070-4"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2016-11-28T19:58Z",
      "publishedDate": "2016-06-29T14:10Z"
    }
  }
}

GHSA-R3GQ-M2H3-69WV

Vulnerability from github – Published: 2022-05-17 03:43 – Updated: 2022-05-17 03:43

Details

nfsd in the Linux kernel through 4.6.3 allows local users to bypass intended file-permission restrictions by setting a POSIX ACL, related to nfs2acl.c, nfs3acl.c, and nfs4acl.c.

Severity ?

5.5 (Medium)


                  
                    CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-1237"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-06-29T14:10:00Z",
    "severity": "MODERATE"
  },
  "details": "nfsd in the Linux kernel through 4.6.3 allows local users to bypass intended file-permission restrictions by setting a POSIX ACL, related to nfs2acl.c, nfs3acl.c, and nfs4acl.c.",
  "id": "GHSA-r3gq-m2h3-69wv",
  "modified": "2022-05-17T03:43:05Z",
  "published": "2022-05-17T03:43:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1237"
    },
    {
      "type": "WEB",
      "url": "https://github.com/torvalds/linux/commit/999653786df6954a31044528ac3f7a5dadca08f4"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1350845"
    },
    {
      "type": "WEB",
      "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=999653786df6954a31044528ac3f7a5dadca08f4"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2016/dsa-3607"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2016/06/25/2"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/91456"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-3053-1"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-3070-1"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-3070-2"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-3070-3"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-3070-4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CERTFR-2016-AVI-278

Vulnerability from certfr_avis - Published: 2016-08-11 - Updated: 2016-08-11

De multiples vulnérabilités ont été corrigées dans le noyau Linux d'Ubuntu. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Ubuntu	Ubuntu	Ubuntu 16.04 LTS
Ubuntu	Ubuntu	Ubuntu 12.04 LTS
Ubuntu	Ubuntu	Ubuntu 14.04 LTS

References

Title

Publication Time

Tags

Bulletin de sécurité Ubuntu USN-3052-1 du 10 août 2016	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-3049-1 du 10 août 2016	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-3055-1 du 10 août 2016	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-3051-1 du 10 août 2016	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-3057-1 du 10 août 2016	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-3056-1 du 10 août 2016	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-3053-1 du 10 août 2016	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-3050-1 du 10 août 2016	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-3054-1 du 10 août 2016	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Ubuntu 16.04 LTS",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 12.04 LTS",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 14.04 LTS",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-4470",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4470"
    },
    {
      "name": "CVE-2016-4794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4794"
    },
    {
      "name": "CVE-2016-3135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3135"
    },
    {
      "name": "CVE-2016-5243",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5243"
    },
    {
      "name": "CVE-2016-3961",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3961"
    },
    {
      "name": "CVE-2016-3134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3134"
    },
    {
      "name": "CVE-2016-1237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1237"
    }
  ],
  "initial_release_date": "2016-08-11T00:00:00",
  "last_revision_date": "2016-08-11T00:00:00",
  "links": [],
  "reference": "CERTFR-2016-AVI-278",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-08-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ele noyau Linux d\u0027Ubuntu\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service, un\ncontournement de la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-3052-1 du 10 ao\u00fbt 2016",
      "url": "http://www.ubuntu.com/usn/usn-3052-1/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-3049-1 du 10 ao\u00fbt 2016",
      "url": "http://www.ubuntu.com/usn/usn-3049-1/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-3055-1 du 10 ao\u00fbt 2016",
      "url": "http://www.ubuntu.com/usn/usn-3055-1/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-3051-1 du 10 ao\u00fbt 2016",
      "url": "http://www.ubuntu.com/usn/usn-3051-1/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-3057-1 du 10 ao\u00fbt 2016",
      "url": "http://www.ubuntu.com/usn/usn-3057-1/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-3056-1 du 10 ao\u00fbt 2016",
      "url": "http://www.ubuntu.com/usn/usn-3056-1/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-3053-1 du 10 ao\u00fbt 2016",
      "url": "http://www.ubuntu.com/usn/usn-3053-1/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-3050-1 du 10 ao\u00fbt 2016",
      "url": "http://www.ubuntu.com/usn/usn-3050-1/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-3054-1 du 10 ao\u00fbt 2016",
      "url": "http://www.ubuntu.com/usn/usn-3054-1/"
    }
  ]
}

CERTFR-2016-AVI-289

Vulnerability from certfr_avis - Published: 2016-08-30 - Updated: 2016-08-30

De multiples vulnérabilités ont été corrigées dans le noyau Linux d'Ubuntu. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Ubuntu	Ubuntu	Ubuntu 16.04 LTS
Ubuntu	Ubuntu	Ubuntu 12.04 LTS
Ubuntu	Ubuntu	Ubuntu 14.04 LTS

References

Title

Publication Time

Tags

Bulletin de sécurité Ubuntu USN-3070-1 du 29 août 2016	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-3071-2 du 29 août 2016	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-3072-2 du 29 août 2016	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-3072-1 du 29 août 2016	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-3071-1 du 29 août 2016	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Ubuntu 16.04 LTS",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 12.04 LTS",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 14.04 LTS",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-5829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5829"
    },
    {
      "name": "CVE-2016-5828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5828"
    },
    {
      "name": "CVE-2016-5244",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5244"
    },
    {
      "name": "CVE-2016-5696",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5696"
    },
    {
      "name": "CVE-2016-5728",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5728"
    },
    {
      "name": "CVE-2016-6197",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6197"
    },
    {
      "name": "CVE-2016-5400",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5400"
    },
    {
      "name": "CVE-2016-1237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1237"
    }
  ],
  "initial_release_date": "2016-08-30T00:00:00",
  "last_revision_date": "2016-08-30T00:00:00",
  "links": [],
  "reference": "CERTFR-2016-AVI-289",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-08-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ele noyau Linux d\u0027Ubuntu\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire,\nun d\u00e9ni de service et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-3070-1 du 29 ao\u00fbt 2016",
      "url": "http://www.ubuntu.com/usn/usn-3070-1/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-3071-2 du 29 ao\u00fbt 2016",
      "url": "http://www.ubuntu.com/usn/usn-3071-2/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-3072-2 du 29 ao\u00fbt 2016",
      "url": "http://www.ubuntu.com/usn/usn-3072-2/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-3072-1 du 29 ao\u00fbt 2016",
      "url": "http://www.ubuntu.com/usn/usn-3072-1/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-3071-1 du 29 ao\u00fbt 2016",
      "url": "http://www.ubuntu.com/usn/usn-3071-1/"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-1237 (GCVE-0-2016-1237)

CNVD-2016-04387

FKIE_CVE-2016-1237

GSD-2016-1237

GHSA-R3GQ-M2H3-69WV

CERTFR-2016-AVI-278

Solution

CERTFR-2016-AVI-289

Solution

Tags

Sightings

Nomenclature