Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2017-6074 (GCVE-0-2017-6074)
Vulnerability from cvelistv5 – Published: 2017-02-18 21:40 – Updated: 2024-08-05 15:18
VLAI?
EPSS
Summary
The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsockopt system call.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:18:49.675Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2017:0323",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0323.html"
},
{
"name": "RHSA-2017:0324",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0324.html"
},
{
"name": "RHSA-2017:0365",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0365.html"
},
{
"name": "RHSA-2017:0347",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0347.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "RHSA-2017:1209",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1209"
},
{
"name": "[oss-security] 20170222 Linux kernel: CVE-2017-6074: DCCP double-free vulnerability (local root)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/22/3"
},
{
"name": "RHSA-2017:0501",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0501.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2017-07-01"
},
{
"name": "RHSA-2017:0932",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0932"
},
{
"name": "1037876",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037876"
},
{
"name": "RHSA-2017:0316",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0316.html"
},
{
"name": "RHSA-2017:0294",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0294.html"
},
{
"name": "RHSA-2017:0295",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0295.html"
},
{
"name": "RHSA-2017:0366",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0366.html"
},
{
"name": "RHSA-2017:0346",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0346.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4"
},
{
"name": "RHSA-2017:0403",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0403.html"
},
{
"name": "DSA-3791",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3791"
},
{
"name": "RHSA-2017:0293",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0293.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2017-07"
},
{
"name": "96310",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96310"
},
{
"name": "41457",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/41457/"
},
{
"name": "41458",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/41458/"
},
{
"name": "RHSA-2017:0345",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0345.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-02-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsockopt system call."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-18T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2017:0323",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0323.html"
},
{
"name": "RHSA-2017:0324",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0324.html"
},
{
"name": "RHSA-2017:0365",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0365.html"
},
{
"name": "RHSA-2017:0347",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0347.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "RHSA-2017:1209",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1209"
},
{
"name": "[oss-security] 20170222 Linux kernel: CVE-2017-6074: DCCP double-free vulnerability (local root)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/22/3"
},
{
"name": "RHSA-2017:0501",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0501.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/2017-07-01"
},
{
"name": "RHSA-2017:0932",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0932"
},
{
"name": "1037876",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037876"
},
{
"name": "RHSA-2017:0316",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0316.html"
},
{
"name": "RHSA-2017:0294",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0294.html"
},
{
"name": "RHSA-2017:0295",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0295.html"
},
{
"name": "RHSA-2017:0366",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0366.html"
},
{
"name": "RHSA-2017:0346",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0346.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/torvalds/linux/commit/5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4"
},
{
"name": "RHSA-2017:0403",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0403.html"
},
{
"name": "DSA-3791",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3791"
},
{
"name": "RHSA-2017:0293",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0293.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tenable.com/security/tns-2017-07"
},
{
"name": "96310",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96310"
},
{
"name": "41457",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/41457/"
},
{
"name": "41458",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/41458/"
},
{
"name": "RHSA-2017:0345",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0345.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6074",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsockopt system call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:0323",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0323.html"
},
{
"name": "RHSA-2017:0324",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0324.html"
},
{
"name": "RHSA-2017:0365",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0365.html"
},
{
"name": "RHSA-2017:0347",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0347.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "RHSA-2017:1209",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1209"
},
{
"name": "[oss-security] 20170222 Linux kernel: CVE-2017-6074: DCCP double-free vulnerability (local root)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/22/3"
},
{
"name": "RHSA-2017:0501",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0501.html"
},
{
"name": "https://source.android.com/security/bulletin/2017-07-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-07-01"
},
{
"name": "RHSA-2017:0932",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0932"
},
{
"name": "1037876",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037876"
},
{
"name": "RHSA-2017:0316",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0316.html"
},
{
"name": "RHSA-2017:0294",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0294.html"
},
{
"name": "RHSA-2017:0295",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0295.html"
},
{
"name": "RHSA-2017:0366",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0366.html"
},
{
"name": "RHSA-2017:0346",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0346.html"
},
{
"name": "https://github.com/torvalds/linux/commit/5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4"
},
{
"name": "RHSA-2017:0403",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0403.html"
},
{
"name": "DSA-3791",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3791"
},
{
"name": "RHSA-2017:0293",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0293.html"
},
{
"name": "https://www.tenable.com/security/tns-2017-07",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2017-07"
},
{
"name": "96310",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96310"
},
{
"name": "41457",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41457/"
},
{
"name": "41458",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41458/"
},
{
"name": "RHSA-2017:0345",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0345.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6074",
"datePublished": "2017-02-18T21:40:00.000Z",
"dateReserved": "2017-02-17T00:00:00.000Z",
"dateUpdated": "2024-08-05T15:18:49.675Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GHSA-2GWG-MMMC-55J4
Vulnerability from github – Published: 2022-05-14 03:13 – Updated: 2025-04-20 03:33
VLAI?
Details
The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsockopt system call.
Severity ?
7.8 (High)
{
"affected": [],
"aliases": [
"CVE-2017-6074"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-02-18T21:59:00Z",
"severity": "HIGH"
},
"details": "The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsockopt system call.",
"id": "GHSA-2gwg-mmmc-55j4",
"modified": "2025-04-20T03:33:04Z",
"published": "2022-05-14T03:13:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6074"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:0932"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:1209"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2017-07-01"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/41457"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/41458"
},
{
"type": "WEB",
"url": "https://www.tenable.com/security/tns-2017-07"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0293.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0294.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0295.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0316.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0323.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0324.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0345.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0346.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0347.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0365.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0366.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0403.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0501.html"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2017/dsa-3791"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2017/02/22/3"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/96310"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1037876"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
CERTFR-2017-AVI-162
Vulnerability from certfr_avis - Published: 2017-05-22 - Updated: 2017-05-22
De multiples vulnérabilités ont été corrigées dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un déni de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | N/A | SUSE Linux Enterprise Module pour Public Cloud 12 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 12 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP1 | ||
| SUSE | SUSE Linux Enterprise Desktop | SUSE Linux Enterprise Desktop 12-SP1 | ||
| SUSE | N/A | SUSE Linux Enterprise Workstation Extension 12-SP1 | ||
| SUSE | N/A | SUSE Linux Enterprise Software Development Kit 12-SP1 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Module pour Public Cloud 12",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 12",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP1",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Desktop 12-SP1",
"product": {
"name": "SUSE Linux Enterprise Desktop",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Workstation Extension 12-SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Software Development Kit 12-SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-2117",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2117"
},
{
"name": "CVE-2017-7308",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7308"
},
{
"name": "CVE-2017-6348",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6348"
},
{
"name": "CVE-2017-2647",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2647"
},
{
"name": "CVE-2017-6353",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6353"
},
{
"name": "CVE-2017-6346",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6346"
},
{
"name": "CVE-2017-6951",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6951"
},
{
"name": "CVE-2015-1350",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1350"
},
{
"name": "CVE-2017-7645",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7645"
},
{
"name": "CVE-2016-3070",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3070"
},
{
"name": "CVE-2017-6345",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6345"
},
{
"name": "CVE-2017-6214",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6214"
},
{
"name": "CVE-2016-5243",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5243"
},
{
"name": "CVE-2017-7616",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7616"
},
{
"name": "CVE-2017-8106",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8106"
},
{
"name": "CVE-2017-7294",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7294"
},
{
"name": "CVE-2017-6074",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6074"
},
{
"name": "CVE-2017-2671",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2671"
},
{
"name": "CVE-2016-1004",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1004"
},
{
"name": "CVE-2016-1020",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1020"
},
{
"name": "CVE-2016-9588",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9588"
},
{
"name": "CVE-2017-5897",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5897"
},
{
"name": "CVE-2017-7187",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7187"
},
{
"name": "CVE-2016-9191",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9191"
},
{
"name": "CVE-2016-7117",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7117"
},
{
"name": "CVE-2017-5986",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5986"
},
{
"name": "CVE-2016-9604",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9604"
},
{
"name": "CVE-2017-7261",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7261"
},
{
"name": "CVE-2017-5669",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5669"
}
],
"initial_release_date": "2017-05-22T00:00:00",
"last_revision_date": "2017-05-22T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2017:1360-1 du 19 mai 2017",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20171360-1/"
}
],
"reference": "CERTFR-2017-AVI-162",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2017-05-22T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ele noyau Linux de SUSE\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et un d\u00e9ni de service.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2017:1360-1 du 19 mai 2017",
"url": null
}
]
}
CERTFR-2017-AVI-156
Vulnerability from certfr_avis - Published: 2017-05-16 - Updated: 2017-05-17
De multiples vulnérabilités ont été corrigées dans le noyau Linux de Suse. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service à distance et un déni de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-LTSS | ||
| SUSE | N/A | SUSE Linux Enterprise Debuginfo 11-SP4 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 12 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 11-SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise Software Development Kit 11-SP4 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP 12 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 11-EXTRA |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Server 12-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Debuginfo 11-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 12",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 11-SP4",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Software Development Kit 11-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP 12",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 11-EXTRA",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-7308",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7308"
},
{
"name": "CVE-2017-6348",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6348"
},
{
"name": "CVE-2017-6353",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6353"
},
{
"name": "CVE-2017-5970",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5970"
},
{
"name": "CVE-2017-6214",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6214"
},
{
"name": "CVE-2016-5243",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5243"
},
{
"name": "CVE-2017-7616",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7616"
},
{
"name": "CVE-2017-7294",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7294"
},
{
"name": "CVE-2017-6074",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6074"
},
{
"name": "CVE-2015-3288",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3288"
},
{
"name": "CVE-2017-2671",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2671"
},
{
"name": "CVE-2016-1020",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1020"
},
{
"name": "CVE-2017-7187",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7187"
},
{
"name": "CVE-2017-5986",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5986"
},
{
"name": "CVE-2017-7184",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7184"
},
{
"name": "CVE-2015-8970",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8970"
},
{
"name": "CVE-2017-7261",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7261"
},
{
"name": "CVE-2017-5669",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5669"
}
],
"initial_release_date": "2017-05-16T00:00:00",
"last_revision_date": "2017-05-17T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Suse suse-su-20171303-1 du 16 mai 2017",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20171308-1/"
}
],
"reference": "CERTFR-2017-AVI-156",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2017-05-16T00:00:00.000000"
},
{
"description": "ajout du bulletin de s\u00e9curit\u00e9 Suse suse-su-20171308-1.",
"revision_date": "2017-05-17T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ele noyau Linux de Suse\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service \u00e0 distance et un d\u00e9ni de\nservice.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Suse",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Suse suse-su-20171290-1 du 15 mai 2017",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20171290-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Suse suse-su-20171283-1 du 15 mai 2017",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20171283-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Suse suse-su-20171280-1 du 15 mai 2017",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20171280-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Suse suse-su-20171294-1 du 15 mai 2017",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20171294-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Suse suse-su-20171303-1 du 15 mai 2017",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20171303-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Suse suse-su-20171285-1 du 15 mai 2017",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20171285-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Suse suse-su-20171288-1 du 15 mai 2017",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20171288-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Suse suse-su-20171302-1 du 15 mai 2017",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20171302-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Suse suse-su-20171281-1 du 15 mai 2017",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20171281-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Suse suse-su-20171300-1 du 15 mai 2017",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20171300-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Suse suse-su-20171308-1 du 16 mai 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Suse suse-su-20171289-1 du 15 mai 2017",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20171289-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Suse suse-su-20171287-1 du 15 mai 2017",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20171287-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Suse suse-su-20171301-1 du 15 mai 2017",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20171301-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Suse suse-su-20171293-1 du 15 mai 2017",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20171293-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Suse suse-su-20171278-1 du 15 mai 2017",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20171278-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Suse suse-su-20171299-1 du 15 mai 2017",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20171299-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Suse suse-su-20171291-1 du 15 mai 2017",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20171291-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Suse suse-su-20171297-1 du 15 mai 2017",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20171297-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Suse suse-su-20171277-1 du 15 mai 2017",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20171277-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Suse suse-su-20171284-1 du 15 mai 2017",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20171284-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Suse suse-su-20171279-1 du 15 mai 2017",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20171279-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Suse suse-su-20171295-1 du 15 mai 2017",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20171295-1/"
}
]
}
CERTFR-2017-AVI-058
Vulnerability from certfr_avis - Published: 2017-02-22 - Updated: 2017-02-22
De multiples vulnérabilités ont été corrigées dans le noyau Linux d'Ubuntu. Elles permettent à un attaquant de provoquer un déni de service, une atteinte à la confidentialité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ubuntu 16.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 12.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 16.10",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 14.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-5549",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5549"
},
{
"name": "CVE-2017-2584",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2584"
},
{
"name": "CVE-2017-6074",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6074"
},
{
"name": "CVE-2017-2583",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2583"
},
{
"name": "CVE-2016-1008",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1008"
},
{
"name": "CVE-2016-9588",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9588"
},
{
"name": "CVE-2016-9191",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9191"
},
{
"name": "CVE-2016-7910",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7910"
},
{
"name": "CVE-2016-7911",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7911"
}
],
"initial_release_date": "2017-02-22T00:00:00",
"last_revision_date": "2017-02-22T00:00:00",
"links": [],
"reference": "CERTFR-2017-AVI-058",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2017-02-22T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ele noyau Linux d\u0027Ubuntu\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu usn-3207-1 du 21 f\u00e9vrier 2017",
"url": "https://www.ubuntu.com/usn/usn-3207-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu usn-3208-1 du 22 f\u00e9vrier 2017",
"url": "https://www.ubuntu.com/usn/usn-3208-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu usn-3207-2 du 21 f\u00e9vrier 2017",
"url": "https://www.ubuntu.com/usn/usn-3207-2/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu usn-3208-2 du 22 f\u00e9vrier 2017",
"url": "https://www.ubuntu.com/usn/usn-3208-2/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu usn-3209-1 du 22 f\u00e9vrier 2017",
"url": "https://www.ubuntu.com/usn/usn-3209-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu usn-3206-1 du 21 f\u00e9vrier 2017",
"url": "https://www.ubuntu.com/usn/usn-3206-1/"
}
]
}
CERTFR-2017-AVI-282
Vulnerability from certfr_avis - Published: 2017-09-05 - Updated: 2017-09-05
De multiples vulnérabilités ont été corrigées dans le noyau Linux de Suse. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | SUSE Linux Enterprise Real Time | SUSE Linux Enterprise Real Time Extension 11-SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise Debuginfo 11-SP4 |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Real Time Extension 11-SP4",
"product": {
"name": "SUSE Linux Enterprise Real Time",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Debuginfo 11-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-2636",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2636"
},
{
"name": "CVE-2017-1000365",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000365"
},
{
"name": "CVE-2017-7308",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7308"
},
{
"name": "CVE-2017-6348",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6348"
},
{
"name": "CVE-2017-2647",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2647"
},
{
"name": "CVE-2017-11176",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11176"
},
{
"name": "CVE-2016-4997",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4997"
},
{
"name": "CVE-2017-6353",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6353"
},
{
"name": "CVE-2017-7482",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7482"
},
{
"name": "CVE-2017-9242",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9242"
},
{
"name": "CVE-2017-6951",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6951"
},
{
"name": "CVE-2017-5970",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5970"
},
{
"name": "CVE-2017-9074",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9074"
},
{
"name": "CVE-2016-10200",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10200"
},
{
"name": "CVE-2017-8925",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8925"
},
{
"name": "CVE-2017-9077",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9077"
},
{
"name": "CVE-2017-7533",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7533"
},
{
"name": "CVE-2017-9076",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9076"
},
{
"name": "CVE-2017-6214",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6214"
},
{
"name": "CVE-2016-5243",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5243"
},
{
"name": "CVE-2017-7616",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7616"
},
{
"name": "CVE-2017-1000363",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000363"
},
{
"name": "CVE-2017-7294",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7294"
},
{
"name": "CVE-2014-9922",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9922"
},
{
"name": "CVE-2017-6074",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6074"
},
{
"name": "CVE-2017-7487",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7487"
},
{
"name": "CVE-2015-3288",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3288"
},
{
"name": "CVE-2017-2671",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2671"
},
{
"name": "CVE-2017-7542",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7542"
},
{
"name": "CVE-2017-1000364",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000364"
},
{
"name": "CVE-2016-4998",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4998"
},
{
"name": "CVE-2017-7187",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7187"
},
{
"name": "CVE-2016-7117",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7117"
},
{
"name": "CVE-2017-5986",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5986"
},
{
"name": "CVE-2017-8924",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8924"
},
{
"name": "CVE-2016-2188",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2188"
},
{
"name": "CVE-2017-1000380",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000380"
},
{
"name": "CVE-2017-7184",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7184"
},
{
"name": "CVE-2017-8890",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8890"
},
{
"name": "CVE-2017-9075",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9075"
},
{
"name": "CVE-2015-8970",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8970"
},
{
"name": "CVE-2017-11473",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11473"
},
{
"name": "CVE-2017-7261",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7261"
},
{
"name": "CVE-2017-5669",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5669"
}
],
"initial_release_date": "2017-09-05T00:00:00",
"last_revision_date": "2017-09-05T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2017:2342-1 du 04 septembre 2017",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172342-1/"
}
],
"reference": "CERTFR-2017-AVI-282",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2017-09-05T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ele noyau Linux de Suse\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service \u00e0 distance et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Suse",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SU-2017:2342-1 du 04 septembre 2017",
"url": null
}
]
}
CERTFR-2017-AVI-141
Vulnerability from certfr_avis - Published: 2017-05-09 - Updated: 2017-05-09
De multiples vulnérabilités ont été corrigées dans le noyau Linux de Suse. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service à distance et un déni de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP2 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability 12-SP2 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 12 | ||
| SUSE | N/A | OpenStack Cloud Magnum Orchestration 7 | ||
| SUSE | N/A | SUSE Linux Enterprise Workstation Extension 12-SP2 | ||
| SUSE | SUSE Linux Enterprise Desktop | SUSE Linux Enterprise Desktop 12-SP2 | ||
| SUSE | N/A | SUSE Linux Enterprise Software Development Kit 12-SP2 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Server 12-SP2",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for Raspberry Pi 12-SP2",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability 12-SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 12",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "OpenStack Cloud Magnum Orchestration 7",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Workstation Extension 12-SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Desktop 12-SP2",
"product": {
"name": "SUSE Linux Enterprise Desktop",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Software Development Kit 12-SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-7374",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7374"
},
{
"name": "CVE-2016-2117",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2117"
},
{
"name": "CVE-2017-7308",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7308"
},
{
"name": "CVE-2017-6353",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6353"
},
{
"name": "CVE-2017-6346",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6346"
},
{
"name": "CVE-2017-6345",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6345"
},
{
"name": "CVE-2017-6214",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6214"
},
{
"name": "CVE-2017-7294",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7294"
},
{
"name": "CVE-2017-6347",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6347"
},
{
"name": "CVE-2017-6074",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6074"
},
{
"name": "CVE-2017-2671",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2671"
},
{
"name": "CVE-2016-1020",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1020"
},
{
"name": "CVE-2017-7187",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7187"
},
{
"name": "CVE-2016-9191",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9191"
},
{
"name": "CVE-2017-5986",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5986"
},
{
"name": "CVE-2017-2596",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2596"
},
{
"name": "CVE-2017-7261",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7261"
}
],
"initial_release_date": "2017-05-09T00:00:00",
"last_revision_date": "2017-05-09T00:00:00",
"links": [],
"reference": "CERTFR-2017-AVI-141",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2017-05-09T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ele noyau Linux de Suse\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service \u00e0 distance et un d\u00e9ni de\nservice.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Suse",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Suse suse-su-20171183-1 du 05 mai 2017",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20171183-1/"
}
]
}
CERTFR-2018-AVI-026
Vulnerability from certfr_avis - Published: 2018-01-11 - Updated: 2018-01-11
De multiples vulnérabilités ont été découvertes dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS | Junos OS versions 15.1X53 antérieures à 15.1X53-D232 sur QFX5200/5110 | ||
| Juniper Networks | Junos OS | Junos OS versions 17.1 antérieures à 17.1R2-S5, 17.1R3 et 17.1R3 sur MX series | ||
| Juniper Networks | Junos OS | Junos OS versions 15.1 antérieures à 15.1F2-S17, 15.1F5-S8, 15.1F6-S8, 15.1R5-S7, 15.1R7 | ||
| Juniper Networks | Junos OS | Junos OS versions 16.1 antérieures à 16.1R6 sur MX series | ||
| Juniper Networks | Junos OS | Junos OS versions 15.1X53 antérieures à 15.1X53-D70, 15.1X53-D231 | ||
| Juniper Networks | Junos OS | Junos OS versions 14.1 antérieures à 14.1R9 sur MX series | ||
| Juniper Networks | Junos OS | Junos OS versions 16.2 antérieures à 16.2R2, 16.2R2-S2, 16.2R3 | ||
| Juniper Networks | Junos OS | Junos OS versions 14.2 antérieures à 14.2R8 | ||
| N/A | N/A | CTPView versions 7.1, 7.2 et 7.3. | ||
| Juniper Networks | Junos OS | Junos OS versions 15.1 antérieures à 15.1F5-S8, 15.1F6-S8, 15.1R5-S6, 15.1R6-S3, 15.1R7, 15.1F6, 15.1R3 | ||
| Juniper Networks | Junos OS | Junos OS versions 15.1 antérieures à 15.1R6-S2, 15.1R7 | ||
| Juniper Networks | Junos OS | Junos OS versions 16.1 antérieures à 16.1R5-S1, 16.1R6 | ||
| Juniper Networks | Junos Space | Junos Space antérieures à 17.2R1 | ||
| Juniper Networks | Junos OS | Junos OS versions 15.1 antérieures à 15.1R5-S8, 15.1F6-S9, 15.1R6-S4, 15.1R7 sur MX series | ||
| Juniper Networks | Junos OS | Junos OS versions 16.2 antérieures à 16.2R3 sur MX series | ||
| Juniper Networks | Junos OS | Junos OS versions 15.1X49 versions 15.1X49-D100 et supérieures mais antérieures à 15.1X49-D121 | ||
| Juniper Networks | Junos OS | Junos OS versions 14.1X53 antérieures à 14.1X53-D40 sur QFX, EX | ||
| Juniper Networks | Junos OS | Junos OS versions 14.2 antérieures à 14.2R8 sur MX series | ||
| Juniper Networks | Junos OS | Junos OS versions 12.1X46 antérieures à 12.1X46-D71 | ||
| Juniper Networks | Junos OS | Junos OS versions 15.1X49 antérieures à 15.1X49-D110 sur SRX | ||
| N/A | N/A | ScreenOS toutes versions sans le dernier correctif de sécurité | ||
| Juniper Networks | Junos OS | Junos OS versions 16.1X65 antérieures à 16.1X65-D45 | ||
| Juniper Networks | Junos OS | Junos OS versions 14.1 antérieures à 14.1R8-S5, 14.1R9 | ||
| Juniper Networks | Junos OS | Junos OS versions 12.3X48 antérieures à 12.3X48-D55 sur SRX | ||
| Juniper Networks | Junos OS | Junos OS versions 15.1R5-S4, 15.1R5-S5 et 15.1R6 | ||
| Juniper Networks | Junos OS | Junos OS versions 12.1X46 antérieures à 12.1X46-D71 sur SRX | ||
| Juniper Networks | Junos OS | Junos OS versions 12.3 antérieures à 12.3R12-S7 | ||
| Juniper Networks | Junos OS | Junos OS versions 14.1X53 antérieures à 14.1X53-D46, 14.1X53-D50 et 14.1X53-D107 | ||
| Juniper Networks | Junos OS | Junos OS versions 12.3R antérieures à 12.3R12-S7 | ||
| Juniper Networks | Junos OS | Junos OS versions 12.3X48 antérieures à 12.3X48-D55 | ||
| Juniper Networks | Junos OS | Junos OS versions 12.3R12 antérieures à 12.3R12-S7 | ||
| Juniper Networks | Junos OS | Junos OS versions 12.3X48 versions 12.3X48-D55 et supérieures mais antérieures à 12.3X48-D65 | ||
| Juniper Networks | Junos OS | Junos OS versions 17.2X75 antérieures à 17.2X75-D50 | ||
| Juniper Networks | Junos OS | Junos OS versions 15.1X53 antérieures à 15.1X53-D49, 15.1X53-D470 sur NFX | ||
| Juniper Networks | Junos OS | Junos OS versions 15.1X53 antérieures à 15.1X53-D65 sur QFX10K | ||
| Juniper Networks | Junos OS | Junos OS versions 16.1 antérieures à 16.1R3-S6, 16.1R4-S6 et 16.1R5 | ||
| ESET | Security | Security Director et Log Collector antérieures à 17.2R1 | ||
| Juniper Networks | Junos OS | Junos OS versions 14.2 antérieures à 14.2R7-S9, 14.2R8 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Junos OS versions 15.1X53 ant\u00e9rieures \u00e0 15.1X53-D232 sur QFX5200/5110",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 17.1 ant\u00e9rieures \u00e0 17.1R2-S5, 17.1R3 et 17.1R3 sur MX series",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 15.1 ant\u00e9rieures \u00e0 15.1F2-S17, 15.1F5-S8, 15.1F6-S8, 15.1R5-S7, 15.1R7",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 16.1 ant\u00e9rieures \u00e0 16.1R6 sur MX series",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 15.1X53 ant\u00e9rieures \u00e0 15.1X53-D70, 15.1X53-D231",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 14.1 ant\u00e9rieures \u00e0 14.1R9 sur MX series",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 16.2 ant\u00e9rieures \u00e0 16.2R2, 16.2R2-S2, 16.2R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 14.2 ant\u00e9rieures \u00e0 14.2R8",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "CTPView versions 7.1, 7.2 et 7.3.",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Junos OS versions 15.1 ant\u00e9rieures \u00e0 15.1F5-S8, 15.1F6-S8, 15.1R5-S6, 15.1R6-S3, 15.1R7, 15.1F6, 15.1R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 15.1 ant\u00e9rieures \u00e0 15.1R6-S2, 15.1R7",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 16.1 ant\u00e9rieures \u00e0 16.1R5-S1, 16.1R6",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos Space ant\u00e9rieures \u00e0 17.2R1",
"product": {
"name": "Junos Space",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 15.1 ant\u00e9rieures \u00e0 15.1R5-S8, 15.1F6-S9, 15.1R6-S4, 15.1R7 sur MX series",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 16.2 ant\u00e9rieures \u00e0 16.2R3 sur MX series",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 15.1X49 versions 15.1X49-D100 et sup\u00e9rieures mais ant\u00e9rieures \u00e0 15.1X49-D121",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 14.1X53 ant\u00e9rieures \u00e0 14.1X53-D40 sur QFX, EX",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 14.2 ant\u00e9rieures \u00e0 14.2R8 sur MX series",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 12.1X46 ant\u00e9rieures \u00e0 12.1X46-D71",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 15.1X49 ant\u00e9rieures \u00e0 15.1X49-D110 sur SRX",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "ScreenOS toutes versions sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Junos OS versions 16.1X65 ant\u00e9rieures \u00e0 16.1X65-D45",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 14.1 ant\u00e9rieures \u00e0 14.1R8-S5, 14.1R9",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 12.3X48 ant\u00e9rieures \u00e0 12.3X48-D55 sur SRX",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 15.1R5-S4, 15.1R5-S5 et 15.1R6",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 12.1X46 ant\u00e9rieures \u00e0 12.1X46-D71 sur SRX",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 12.3 ant\u00e9rieures \u00e0 12.3R12-S7",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 14.1X53 ant\u00e9rieures \u00e0 14.1X53-D46, 14.1X53-D50 et 14.1X53-D107",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 12.3R ant\u00e9rieures \u00e0 12.3R12-S7",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 12.3X48 ant\u00e9rieures \u00e0 12.3X48-D55",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 12.3R12 ant\u00e9rieures \u00e0 12.3R12-S7",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 12.3X48 versions 12.3X48-D55 et sup\u00e9rieures mais ant\u00e9rieures \u00e0 12.3X48-D65",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 17.2X75 ant\u00e9rieures \u00e0 17.2X75-D50",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 15.1X53 ant\u00e9rieures \u00e0 15.1X53-D49, 15.1X53-D470 sur NFX",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 15.1X53 ant\u00e9rieures \u00e0 15.1X53-D65 sur QFX10K",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 16.1 ant\u00e9rieures \u00e0 16.1R3-S6, 16.1R4-S6 et 16.1R5",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Security Director et Log Collector ant\u00e9rieures \u00e0 17.2R1",
"product": {
"name": "Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "Junos OS versions 14.2 ant\u00e9rieures \u00e0 14.2R7-S9, 14.2R8",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-3169",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3169"
},
{
"name": "CVE-2017-14106",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14106"
},
{
"name": "CVE-2018-0002",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0002"
},
{
"name": "CVE-2015-5600",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5600"
},
{
"name": "CVE-2018-0008",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0008"
},
{
"name": "CVE-2015-6563",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6563"
},
{
"name": "CVE-2018-0013",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0013"
},
{
"name": "CVE-2015-6564",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6564"
},
{
"name": "CVE-2015-7236",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7236"
},
{
"name": "CVE-2017-7668",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7668"
},
{
"name": "CVE-2017-9798",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9798"
},
{
"name": "CVE-2018-0011",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0011"
},
{
"name": "CVE-2016-2141",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2141"
},
{
"name": "CVE-2015-7501",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7501"
},
{
"name": "CVE-2015-5304",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5304"
},
{
"name": "CVE-2018-0012",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0012"
},
{
"name": "CVE-2018-0003",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0003"
},
{
"name": "CVE-2017-9788",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9788"
},
{
"name": "CVE-2015-5174",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5174"
},
{
"name": "CVE-2017-1000112",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000112"
},
{
"name": "CVE-2016-8858",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8858"
},
{
"name": "CVE-2017-5664",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5664"
},
{
"name": "CVE-2017-1000111",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000111"
},
{
"name": "CVE-2017-6074",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6074"
},
{
"name": "CVE-2017-5645",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5645"
},
{
"name": "CVE-2018-0010",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0010"
},
{
"name": "CVE-2018-0005",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0005"
},
{
"name": "CVE-2018-0007",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0007"
},
{
"name": "CVE-2016-8655",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8655"
},
{
"name": "CVE-2017-3167",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3167"
},
{
"name": "CVE-2015-5188",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5188"
},
{
"name": "CVE-2018-0009",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0009"
},
{
"name": "CVE-2017-7679",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7679"
},
{
"name": "CVE-2018-0004",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0004"
},
{
"name": "CVE-2018-0014",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0014"
},
{
"name": "CVE-2017-2634",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2634"
},
{
"name": "CVE-2016-8743",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8743"
},
{
"name": "CVE-2015-5220",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5220"
},
{
"name": "CVE-2018-0006",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0006"
},
{
"name": "CVE-2018-0001",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0001"
}
],
"initial_release_date": "2018-01-11T00:00:00",
"last_revision_date": "2018-01-11T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-026",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-01-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10838 du 10 janvier 2018",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10838\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10831 du 10 janvier 2018",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10831\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10835 du 10 janvier 2018",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10835\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10833 du 10 janvier 2018",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10833\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10837 du 10 janvier 2018",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10837\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10841 du 10 janvier 2018",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10841\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10828 du 10 janvier 2018",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10828\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10834 du 10 janvier 2018",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10834\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10829 du 10 janvier 2018",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10829\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10836 du 10 janvier 2018",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10836\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10839 du 10 janvier 2018",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10839\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10830 du 10 janvier 2018",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10830\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10832 du 10 janvier 2018",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10832\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10840 du 10 janvier 2018",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10840\u0026cat=SIRT_1\u0026actp=LIST"
}
]
}
CERTFR-2017-AVI-311
Vulnerability from certfr_avis - Published: 2017-09-20 - Updated: 2017-09-20
De multiples vulnérabilités ont été corrigées dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 11-SP3-LTSS | ||
| SUSE | N/A | SUSE Linux Enterprise Point of Sale 11-SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Debuginfo 11-SP3 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 11-EXTRA |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Server 11-SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Point of Sale 11-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Debuginfo 11-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 11-EXTRA",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-1000365",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000365"
},
{
"name": "CVE-2017-8831",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8831"
},
{
"name": "CVE-2017-7308",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7308"
},
{
"name": "CVE-2017-6348",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6348"
},
{
"name": "CVE-2017-2647",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2647"
},
{
"name": "CVE-2017-11176",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11176"
},
{
"name": "CVE-2017-6353",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6353"
},
{
"name": "CVE-2017-7482",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7482"
},
{
"name": "CVE-2017-10661",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10661"
},
{
"name": "CVE-2017-12762",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12762"
},
{
"name": "CVE-2017-9242",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9242"
},
{
"name": "CVE-2017-14051",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14051"
},
{
"name": "CVE-2017-6951",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6951"
},
{
"name": "CVE-2017-5970",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5970"
},
{
"name": "CVE-2017-9074",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9074"
},
{
"name": "CVE-2016-10200",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10200"
},
{
"name": "CVE-2017-8925",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8925"
},
{
"name": "CVE-2017-9077",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9077"
},
{
"name": "CVE-2017-7533",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7533"
},
{
"name": "CVE-2017-9076",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9076"
},
{
"name": "CVE-2017-6214",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6214"
},
{
"name": "CVE-2016-5243",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5243"
},
{
"name": "CVE-2017-7616",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7616"
},
{
"name": "CVE-2017-1000363",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000363"
},
{
"name": "CVE-2017-1000112",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000112"
},
{
"name": "CVE-2017-7294",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7294"
},
{
"name": "CVE-2017-6074",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6074"
},
{
"name": "CVE-2017-7487",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7487"
},
{
"name": "CVE-2017-2671",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2671"
},
{
"name": "CVE-2017-7542",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7542"
},
{
"name": "CVE-2017-7187",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7187"
},
{
"name": "CVE-2017-5986",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5986"
},
{
"name": "CVE-2017-8924",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8924"
},
{
"name": "CVE-2017-1000380",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000380"
},
{
"name": "CVE-2017-7184",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7184"
},
{
"name": "CVE-2017-8890",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8890"
},
{
"name": "CVE-2017-9075",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9075"
},
{
"name": "CVE-2017-11473",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11473"
},
{
"name": "CVE-2017-7261",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7261"
},
{
"name": "CVE-2017-5669",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5669"
}
],
"initial_release_date": "2017-09-20T00:00:00",
"last_revision_date": "2017-09-20T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20172525-1 du 19 septembre 2017",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172525-1/"
}
],
"reference": "CERTFR-2017-AVI-311",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2017-09-20T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ele noyau Linux de SUSE\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, un\ncontournement de la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9\ndes donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20172525-1 du 19 septembre 2017",
"url": null
}
]
}
CERTFR-2017-AVI-203
Vulnerability from certfr_avis - Published: 2017-07-06 - Updated: 2017-07-06
De multiples vulnérabilités ont été corrigées dans Google Android (Nexus). Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Google Android (Nexus) toutes versions n'intégrant pas le correctif de sécurité du 5 juillet 2017
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eGoogle Android (Nexus) toutes versions n\u0027int\u00e9grant pas le correctif de s\u00e9curit\u00e9 du 5 juillet 2017\u003c/P\u003e",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2015-9039",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9039"
},
{
"name": "CVE-2015-9040",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9040"
},
{
"name": "CVE-2015-9036",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9036"
},
{
"name": "CVE-2015-9055",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9055"
},
{
"name": "CVE-2017-8268",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8268"
},
{
"name": "CVE-2017-0685",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0685"
},
{
"name": "CVE-2017-0709",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0709"
},
{
"name": "CVE-2017-0694",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0694"
},
{
"name": "CVE-2017-0700",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0700"
},
{
"name": "CVE-2015-9044",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9044"
},
{
"name": "CVE-2015-9037",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9037"
},
{
"name": "CVE-2016-10346",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10346"
},
{
"name": "CVE-2017-8271",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8271"
},
{
"name": "CVE-2017-0673",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0673"
},
{
"name": "CVE-2017-0689",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0689"
},
{
"name": "CVE-2015-9072",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9072"
},
{
"name": "CVE-2017-0708",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0708"
},
{
"name": "CVE-2017-0682",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0682"
},
{
"name": "CVE-2017-7308",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7308"
},
{
"name": "CVE-2016-10344",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10344"
},
{
"name": "CVE-2015-9038",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9038"
},
{
"name": "CVE-2015-9067",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9067"
},
{
"name": "CVE-2017-0681",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0681"
},
{
"name": "CVE-2015-9068",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9068"
},
{
"name": "CVE-2015-9050",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9050"
},
{
"name": "CVE-2014-9411",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9411"
},
{
"name": "CVE-2015-9062",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9062"
},
{
"name": "CVE-2017-8246",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8246"
},
{
"name": "CVE-2015-9049",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9049"
},
{
"name": "CVE-2014-9978",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9978"
},
{
"name": "CVE-2017-8257",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8257"
},
{
"name": "CVE-2015-5707",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5707"
},
{
"name": "CVE-2017-0699",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0699"
},
{
"name": "CVE-2017-0690",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0690"
},
{
"name": "CVE-2017-8261",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8261"
},
{
"name": "CVE-2017-0698",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0698"
},
{
"name": "CVE-2017-0668",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0668"
},
{
"name": "CVE-2015-9048",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9048"
},
{
"name": "CVE-2017-0693",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0693"
},
{
"name": "CVE-2017-0680",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0680"
},
{
"name": "CVE-2017-0702",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0702"
},
{
"name": "CVE-2017-8255",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8255"
},
{
"name": "CVE-2017-0688",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0688"
},
{
"name": "CVE-2017-5970",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5970"
},
{
"name": "CVE-2017-8260",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8260"
},
{
"name": "CVE-2014-9975",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9975"
},
{
"name": "CVE-2017-0674",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0674"
},
{
"name": "CVE-2017-0704",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0704"
},
{
"name": "CVE-2015-9046",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9046"
},
{
"name": "CVE-2017-8256",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8256"
},
{
"name": "CVE-2015-9061",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9061"
},
{
"name": "CVE-2017-3544",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3544"
},
{
"name": "CVE-2016-10347",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10347"
},
{
"name": "CVE-2017-9417",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9417"
},
{
"name": "CVE-2017-0683",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0683"
},
{
"name": "CVE-2014-9979",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9979"
},
{
"name": "CVE-2017-8265",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8265"
},
{
"name": "CVE-2015-0575",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0575"
},
{
"name": "CVE-2015-9035",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9035"
},
{
"name": "CVE-2014-9974",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9974"
},
{
"name": "CVE-2016-5872",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5872"
},
{
"name": "CVE-2017-0667",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0667"
},
{
"name": "CVE-2016-5863",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5863"
},
{
"name": "CVE-2017-0675",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0675"
},
{
"name": "CVE-2015-9042",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9042"
},
{
"name": "CVE-2016-10391",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10391"
},
{
"name": "CVE-2017-0340",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0340"
},
{
"name": "CVE-2017-0710",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0710"
},
{
"name": "CVE-2017-8272",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8272"
},
{
"name": "CVE-2014-9968",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9968"
},
{
"name": "CVE-2015-9041",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9041"
},
{
"name": "CVE-2017-8263",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8263"
},
{
"name": "CVE-2017-0706",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0706"
},
{
"name": "CVE-2015-9070",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9070"
},
{
"name": "CVE-2015-9071",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9071"
},
{
"name": "CVE-2014-9973",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9973"
},
{
"name": "CVE-2017-6074",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6074"
},
{
"name": "CVE-2015-8596",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8596"
},
{
"name": "CVE-2014-9980",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9980"
},
{
"name": "CVE-2017-8270",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8270"
},
{
"name": "CVE-2017-8267",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8267"
},
{
"name": "CVE-2017-0676",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0676"
},
{
"name": "CVE-2017-0672",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0672"
},
{
"name": "CVE-2017-8243",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8243"
},
{
"name": "CVE-2017-8266",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8266"
},
{
"name": "CVE-2017-0679",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0679"
},
{
"name": "CVE-2017-0697",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0697"
},
{
"name": "CVE-2015-8595",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8595"
},
{
"name": "CVE-2017-0666",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0666"
},
{
"name": "CVE-2017-8273",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8273"
},
{
"name": "CVE-2017-0691",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0691"
},
{
"name": "CVE-2015-9051",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9051"
},
{
"name": "CVE-2016-10389",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10389"
},
{
"name": "CVE-2015-9054",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9054"
},
{
"name": "CVE-2017-0671",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0671"
},
{
"name": "CVE-2016-10383",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10383"
},
{
"name": "CVE-2017-8259",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8259"
},
{
"name": "CVE-2015-9043",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9043"
},
{
"name": "CVE-2017-0695",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0695"
},
{
"name": "CVE-2017-0696",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0696"
},
{
"name": "CVE-2017-0326",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0326"
},
{
"name": "CVE-2015-9045",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9045"
},
{
"name": "CVE-2017-8254",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8254"
},
{
"name": "CVE-2015-9060",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9060"
},
{
"name": "CVE-2017-0686",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0686"
},
{
"name": "CVE-2014-9731",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9731"
},
{
"name": "CVE-2015-9052",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9052"
},
{
"name": "CVE-2017-0711",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0711"
},
{
"name": "CVE-2016-10388",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10388"
},
{
"name": "CVE-2017-0669",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0669"
},
{
"name": "CVE-2017-0684",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0684"
},
{
"name": "CVE-2016-10343",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10343"
},
{
"name": "CVE-2017-0707",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0707"
},
{
"name": "CVE-2017-0701",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0701"
},
{
"name": "CVE-2017-0692",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0692"
},
{
"name": "CVE-2017-8253",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8253"
},
{
"name": "CVE-2017-0677",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0677"
},
{
"name": "CVE-2014-9977",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9977"
},
{
"name": "CVE-2017-0705",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0705"
},
{
"name": "CVE-2015-9047",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9047"
},
{
"name": "CVE-2015-9069",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9069"
},
{
"name": "CVE-2015-9053",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9053"
},
{
"name": "CVE-2016-2109",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2109"
},
{
"name": "CVE-2015-9073",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9073"
},
{
"name": "CVE-2017-8269",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8269"
},
{
"name": "CVE-2017-0540",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0540"
},
{
"name": "CVE-2017-8258",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8258"
},
{
"name": "CVE-2015-8592",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8592"
},
{
"name": "CVE-2017-0664",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0664"
},
{
"name": "CVE-2015-9034",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9034"
},
{
"name": "CVE-2017-0665",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0665"
},
{
"name": "CVE-2016-10382",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10382"
},
{
"name": "CVE-2017-8264",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8264"
},
{
"name": "CVE-2017-8262",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8262"
},
{
"name": "CVE-2017-0670",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0670"
},
{
"name": "CVE-2016-5871",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5871"
},
{
"name": "CVE-2017-0678",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0678"
}
],
"initial_release_date": "2017-07-06T00:00:00",
"last_revision_date": "2017-07-06T00:00:00",
"links": [],
"reference": "CERTFR-2017-AVI-203",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2017-07-06T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eGoogle Android (Nexus)\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Android (Nexus)",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Android du 05 juillet 2017",
"url": "https://source.android.com/security/bulletin/2017-07-01"
}
]
}
FKIE_CVE-2017-6074
Vulnerability from fkie_nvd - Published: 2017-02-18 21:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsockopt system call.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://rhn.redhat.com/errata/RHSA-2017-0293.html | Third Party Advisory | |
| cve@mitre.org | http://rhn.redhat.com/errata/RHSA-2017-0294.html | Third Party Advisory | |
| cve@mitre.org | http://rhn.redhat.com/errata/RHSA-2017-0295.html | Third Party Advisory | |
| cve@mitre.org | http://rhn.redhat.com/errata/RHSA-2017-0316.html | Third Party Advisory | |
| cve@mitre.org | http://rhn.redhat.com/errata/RHSA-2017-0323.html | Third Party Advisory | |
| cve@mitre.org | http://rhn.redhat.com/errata/RHSA-2017-0324.html | Third Party Advisory | |
| cve@mitre.org | http://rhn.redhat.com/errata/RHSA-2017-0345.html | Third Party Advisory | |
| cve@mitre.org | http://rhn.redhat.com/errata/RHSA-2017-0346.html | Third Party Advisory | |
| cve@mitre.org | http://rhn.redhat.com/errata/RHSA-2017-0347.html | Third Party Advisory | |
| cve@mitre.org | http://rhn.redhat.com/errata/RHSA-2017-0365.html | Third Party Advisory | |
| cve@mitre.org | http://rhn.redhat.com/errata/RHSA-2017-0366.html | Third Party Advisory | |
| cve@mitre.org | http://rhn.redhat.com/errata/RHSA-2017-0403.html | Third Party Advisory | |
| cve@mitre.org | http://rhn.redhat.com/errata/RHSA-2017-0501.html | Third Party Advisory | |
| cve@mitre.org | http://www.debian.org/security/2017/dsa-3791 | Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2017/02/22/3 | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | Patch, Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/96310 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securitytracker.com/id/1037876 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2017:0932 | Third Party Advisory | |
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2017:1209 | Third Party Advisory | |
| cve@mitre.org | https://github.com/torvalds/linux/commit/5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4 | Issue Tracking, Patch, Third Party Advisory | |
| cve@mitre.org | https://source.android.com/security/bulletin/2017-07-01 | Third Party Advisory | |
| cve@mitre.org | https://www.exploit-db.com/exploits/41457/ | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://www.exploit-db.com/exploits/41458/ | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://www.tenable.com/security/tns-2017-07 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2017-0293.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2017-0294.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2017-0295.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2017-0316.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2017-0323.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2017-0324.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2017-0345.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2017-0346.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2017-0347.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2017-0365.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2017-0366.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2017-0403.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2017-0501.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2017/dsa-3791 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2017/02/22/3 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/96310 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1037876 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:0932 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:1209 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/torvalds/linux/commit/5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://source.android.com/security/bulletin/2017-07-01 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/41457/ | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/41458/ | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/tns-2017-07 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| debian | debian_linux | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93414DAF-13C5-4F37-8F16-486DDEFFE6AC",
"versionEndExcluding": "3.2.86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3116EF11-56E7-4D40-9FD0-6109280D0247",
"versionEndExcluding": "3.10.106",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "714101BC-5F00-4257-A007-F21269AE5AC1",
"versionEndExcluding": "3.12.71",
"versionStartIncluding": "3.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5CF2C65-6A2A-44EE-A67B-5DB1663C2B2A",
"versionEndExcluding": "3.16.41",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5AA77834-089F-4556-A00B-CAC1E08444BF",
"versionEndExcluding": "3.18.49",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9019BEC9-FE77-4506-A019-B8B4D8BCEBAE",
"versionEndExcluding": "4.1.41",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "87F9D322-C14F-4E7A-BA48-87789CAC2DA7",
"versionEndExcluding": "4.4.52",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5EFB5B2-2EEC-4D04-925A-77FBE0E5E76C",
"versionEndExcluding": "4.9.13",
"versionStartIncluding": "4.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsockopt system call."
},
{
"lang": "es",
"value": "La funci\u00f3n dccp_rcv_state_process en net/dccp/input.c en el kernel de Linux hasta la versi\u00f3n 4.9.11 no maneja adecuadamente estructuras de paquetes de datos DCCP_PKT_REQUEST en el estado LISTEN, lo que permite a usuarios locales obtener privilegios root o provocar una denegaci\u00f3n de servicio (liberaci\u00f3n doble) a trav\u00e9s de una aplicaci\u00f3n que hace una llamada de sistema IPV6_RECVPKTINFO setsockopt."
}
],
"id": "CVE-2017-6074",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-18T21:59:00.237",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0293.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0294.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0295.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0316.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0323.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0324.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0345.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0346.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0347.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0365.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0366.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0403.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0501.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2017/dsa-3791"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/22/3"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96310"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037876"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0932"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1209"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/torvalds/linux/commit/5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://source.android.com/security/bulletin/2017-07-01"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/41457/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/41458/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2017-07"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0293.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0294.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0295.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0316.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0323.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0324.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0345.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0346.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0347.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0365.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0366.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0403.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0501.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2017/dsa-3791"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/22/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96310"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037876"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0932"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1209"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/torvalds/linux/commit/5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://source.android.com/security/bulletin/2017-07-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/41457/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/41458/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2017-07"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-415"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CNVD-2017-01870
Vulnerability from cnvd - Published: 2017-02-24
VLAI Severity ?
Title
Linux kernel特权提升漏洞
Description
Linux kernel是美国Linux基金会发布的操作系统Linux所使用的内核。
Linux kernel4.9.11及之前的版本中net/dccp/input.c文件的dccp_rcv_state_process函数存在安全漏洞,由于程序未能正确处理DCCP_PKT_REQUEST数据结构。攻击者可借助IPV6_RECVPKTINFO setsockopt系统调用的应用程序,利用该漏洞更改Linux内核内存,导致拒绝服务(系统崩溃)或获取系统上的管理访问权限。
Severity
高
Patch Name
Linux kernel特权提升漏洞的补丁
Patch Description
Linux kernel是美国Linux基金会发布的操作系统Linux所使用的内核。
Linux kernel4.9.11及之前的版本中net/dccp/input.c文件的dccp_rcv_state_process函数存在安全漏洞,由于程序未能正确处理DCCP_PKT_REQUEST数据结构。攻击者可借助IPV6_RECVPKTINFO setsockopt系统调用的应用程序,利用该漏洞更改Linux内核内存,导致拒绝服务(系统崩溃)或获取系统上的管理访问权限。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://github.com/torvalds/linux/commit/5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4
Reference
https://github.com/torvalds/linux/commit/5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4
http://0day5.com/archives/4288/
Impacted products
| Name | Linux Kernel <=4.9.11 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2017-6074"
}
},
"description": "Linux kernel\u662f\u7f8e\u56fdLinux\u57fa\u91d1\u4f1a\u53d1\u5e03\u7684\u64cd\u4f5c\u7cfb\u7edfLinux\u6240\u4f7f\u7528\u7684\u5185\u6838\u3002\r\n\r\nLinux kernel4.9.11\u53ca\u4e4b\u524d\u7684\u7248\u672c\u4e2dnet/dccp/input.c\u6587\u4ef6\u7684dccp_rcv_state_process\u51fd\u6570\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u7531\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u5904\u7406DCCP_PKT_REQUEST\u6570\u636e\u7ed3\u6784\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9IPV6_RECVPKTINFO setsockopt\u7cfb\u7edf\u8c03\u7528\u7684\u5e94\u7528\u7a0b\u5e8f\uff0c\u5229\u7528\u8be5\u6f0f\u6d1e\u66f4\u6539Linux\u5185\u6838\u5185\u5b58\uff0c\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\uff08\u7cfb\u7edf\u5d29\u6e83\uff09\u6216\u83b7\u53d6\u7cfb\u7edf\u4e0a\u7684\u7ba1\u7406\u8bbf\u95ee\u6743\u9650\u3002",
"discovererName": "Andrey Konovalov",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://github.com/torvalds/linux/commit/5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2017-01870",
"openTime": "2017-02-24",
"patchDescription": "Linux kernel\u662f\u7f8e\u56fdLinux\u57fa\u91d1\u4f1a\u53d1\u5e03\u7684\u64cd\u4f5c\u7cfb\u7edfLinux\u6240\u4f7f\u7528\u7684\u5185\u6838\u3002\r\n\r\nLinux kernel4.9.11\u53ca\u4e4b\u524d\u7684\u7248\u672c\u4e2dnet/dccp/input.c\u6587\u4ef6\u7684dccp_rcv_state_process\u51fd\u6570\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u7531\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u5904\u7406DCCP_PKT_REQUEST\u6570\u636e\u7ed3\u6784\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9IPV6_RECVPKTINFO setsockopt\u7cfb\u7edf\u8c03\u7528\u7684\u5e94\u7528\u7a0b\u5e8f\uff0c\u5229\u7528\u8be5\u6f0f\u6d1e\u66f4\u6539Linux\u5185\u6838\u5185\u5b58\uff0c\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\uff08\u7cfb\u7edf\u5d29\u6e83\uff09\u6216\u83b7\u53d6\u7cfb\u7edf\u4e0a\u7684\u7ba1\u7406\u8bbf\u95ee\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Linux kernel\u7279\u6743\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Linux Kernel \u003c=4.9.11"
},
"referenceLink": "https://github.com/torvalds/linux/commit/5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4\r\nhttp://0day5.com/archives/4288/",
"serverity": "\u9ad8",
"submitTime": "2017-02-21",
"title": "Linux kernel\u7279\u6743\u63d0\u5347\u6f0f\u6d1e"
}
CVE-2017-6074
Vulnerability from fstec - Published: 17.02.2017
VLAI Severity ?
Title
Уязвимость операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или получить привилегии суперпользователя
Description
Уязвимость функции dccp_rcv_state_process в net/dccp/input.c ядра операционной системы Linux связана с использованием памяти после её освобождения. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, из-за неправильного управления DCCP_PKT_REQUEST структурами пакетов данных в состоянии LISTEN, получить привилегии суперпользователя или вызвать отказ в обслуживании (повторное освобождение) при помощи приложения, которое осуществляет системный вызов IPV6_RECVPKTINFO setsockopt
Severity ?
Vendor
Сообщество свободного программного обеспечения
Software Name
Linux
Software Version
от 4.2 до 4.4.51 включительно (Linux), от 4.5 до 4.9.12 включительно (Linux), от 2.6.16 до 4.1.40 включительно (Linux)
Possible Mitigations
Использование рекомендаций:
Для Linux:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4
https://github.com/torvalds/linux/commit/5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.41
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.52
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.13
Reference
http://rhn.redhat.com/errata/RHSA-2017-0293.html
http://rhn.redhat.com/errata/RHSA-2017-0294.html
http://rhn.redhat.com/errata/RHSA-2017-0295.html
http://rhn.redhat.com/errata/RHSA-2017-0316.html
http://rhn.redhat.com/errata/RHSA-2017-0323.html
http://rhn.redhat.com/errata/RHSA-2017-0324.html
http://rhn.redhat.com/errata/RHSA-2017-0345.html
http://rhn.redhat.com/errata/RHSA-2017-0346.html
http://rhn.redhat.com/errata/RHSA-2017-0347.html
http://rhn.redhat.com/errata/RHSA-2017-0365.html
http://rhn.redhat.com/errata/RHSA-2017-0366.html
http://rhn.redhat.com/errata/RHSA-2017-0403.html
http://rhn.redhat.com/errata/RHSA-2017-0501.html
http://www.debian.org/security/2017/dsa-3791
http://www.openwall.com/lists/oss-security/2017/02/22/3
http://www.openwall.com/lists/oss-security/2017/02/26/2
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.securityfocus.com/bid/96310
http://www.securitytracker.com/id/1037876
http://www.ubuntu.com/usn/usn-3206-1
http://www.ubuntu.com/usn/usn-3207-1
http://www.ubuntu.com/usn/usn-3207-2
http://www.ubuntu.com/usn/usn-3208-1
http://www.ubuntu.com/usn/usn-3208-2
http://www.ubuntu.com/usn/usn-3209-1
https://access.redhat.com/errata/RHSA-2017:0932
https://access.redhat.com/errata/RHSA-2017:1209
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1665935
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6074
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4
https://github.com/torvalds/linux/commit/5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.41
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.52
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.13
https://patchwork.ozlabs.org/patch/728808/
https://source.android.com/security/bulletin/2017-07-01
https://ubuntu.com/security/notices/USN-3206-1
https://ubuntu.com/security/notices/USN-3207-1
https://ubuntu.com/security/notices/USN-3207-2
https://ubuntu.com/security/notices/USN-3208-1
https://ubuntu.com/security/notices/USN-3208-2
https://ubuntu.com/security/notices/USN-3209-1
https://usn.ubuntu.com/usn/usn-3206-1
https://usn.ubuntu.com/usn/usn-3207-1
https://usn.ubuntu.com/usn/usn-3207-2
https://usn.ubuntu.com/usn/usn-3208-1
https://usn.ubuntu.com/usn/usn-3208-2
https://usn.ubuntu.com/usn/usn-3209-1
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6074
https://www.cve.org/CVERecord?id=CVE-2017-6074
https://www.exploit-db.com/exploits/41457/
https://www.exploit-db.com/exploits/41458/
https://www.tenable.com/security/tns-2017-07
CWE
CWE-415, CWE-416
{
"CVSS 2.0": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS 3.0": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u043e\u0442 4.2 \u0434\u043e 4.4.51 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.5 \u0434\u043e 4.9.12 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 2.6.16 \u0434\u043e 4.1.40 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Linux:\nhttps://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4\nhttps://github.com/torvalds/linux/commit/5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.41\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.52\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.13",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "17.02.2017",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "03.12.2024",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "30.06.2017",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2017-01556",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2017-6074",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Linux",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0438\u043b\u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0441\u0443\u043f\u0435\u0440\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041f\u043e\u0432\u0442\u043e\u0440\u043d\u043e\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u0435 (CWE-415), \u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u043f\u043e\u0441\u043b\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f (CWE-416)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 dccp_rcv_state_process \u0432 net/dccp/input.c \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043f\u0430\u043c\u044f\u0442\u0438 \u043f\u043e\u0441\u043b\u0435 \u0435\u0451 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0438\u0437-\u0437\u0430 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0433\u043e \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f DCCP_PKT_REQUEST \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u043f\u0430\u043a\u0435\u0442\u043e\u0432 \u0434\u0430\u043d\u043d\u044b\u0445 \u0432 \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0438 LISTEN, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0441\u0443\u043f\u0435\u0440\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u0438\u043b\u0438 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 (\u043f\u043e\u0432\u0442\u043e\u0440\u043d\u043e\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u0435) \u043f\u0440\u0438 \u043f\u043e\u043c\u043e\u0449\u0438 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f, \u043a\u043e\u0442\u043e\u0440\u043e\u0435 \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u044f\u0435\u0442 \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0439 \u0432\u044b\u0437\u043e\u0432 IPV6_RECVPKTINFO setsockopt",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://rhn.redhat.com/errata/RHSA-2017-0293.html\nhttp://rhn.redhat.com/errata/RHSA-2017-0294.html\nhttp://rhn.redhat.com/errata/RHSA-2017-0295.html\nhttp://rhn.redhat.com/errata/RHSA-2017-0316.html\nhttp://rhn.redhat.com/errata/RHSA-2017-0323.html\nhttp://rhn.redhat.com/errata/RHSA-2017-0324.html\nhttp://rhn.redhat.com/errata/RHSA-2017-0345.html\nhttp://rhn.redhat.com/errata/RHSA-2017-0346.html\nhttp://rhn.redhat.com/errata/RHSA-2017-0347.html\nhttp://rhn.redhat.com/errata/RHSA-2017-0365.html\nhttp://rhn.redhat.com/errata/RHSA-2017-0366.html\nhttp://rhn.redhat.com/errata/RHSA-2017-0403.html\nhttp://rhn.redhat.com/errata/RHSA-2017-0501.html\nhttp://www.debian.org/security/2017/dsa-3791\nhttp://www.openwall.com/lists/oss-security/2017/02/22/3\nhttp://www.openwall.com/lists/oss-security/2017/02/26/2\nhttp://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html\nhttp://www.securityfocus.com/bid/96310\nhttp://www.securitytracker.com/id/1037876\nhttp://www.ubuntu.com/usn/usn-3206-1\nhttp://www.ubuntu.com/usn/usn-3207-1\nhttp://www.ubuntu.com/usn/usn-3207-2\nhttp://www.ubuntu.com/usn/usn-3208-1\nhttp://www.ubuntu.com/usn/usn-3208-2\nhttp://www.ubuntu.com/usn/usn-3209-1\nhttps://access.redhat.com/errata/RHSA-2017:0932\nhttps://access.redhat.com/errata/RHSA-2017:1209\nhttps://bugs.launchpad.net/ubuntu/+source/linux/+bug/1665935\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6074\nhttps://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4\nhttps://github.com/torvalds/linux/commit/5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.41\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.52\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.13\nhttps://patchwork.ozlabs.org/patch/728808/\nhttps://source.android.com/security/bulletin/2017-07-01\nhttps://ubuntu.com/security/notices/USN-3206-1\nhttps://ubuntu.com/security/notices/USN-3207-1\nhttps://ubuntu.com/security/notices/USN-3207-2\nhttps://ubuntu.com/security/notices/USN-3208-1\nhttps://ubuntu.com/security/notices/USN-3208-2\nhttps://ubuntu.com/security/notices/USN-3209-1\nhttps://usn.ubuntu.com/usn/usn-3206-1\nhttps://usn.ubuntu.com/usn/usn-3207-1\nhttps://usn.ubuntu.com/usn/usn-3207-2\nhttps://usn.ubuntu.com/usn/usn-3208-1\nhttps://usn.ubuntu.com/usn/usn-3208-2\nhttps://usn.ubuntu.com/usn/usn-3209-1\nhttps://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6074\nhttps://www.cve.org/CVERecord?id=CVE-2017-6074\nhttps://www.exploit-db.com/exploits/41457/\nhttps://www.exploit-db.com/exploits/41458/\nhttps://www.tenable.com/security/tns-2017-07",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-415, CWE-416",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,2)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u041d\u0435\u0442 \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 4.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 0)"
}
GSD-2017-6074
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsockopt system call.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2017-6074",
"description": "The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsockopt system call.",
"id": "GSD-2017-6074",
"references": [
"https://www.suse.com/security/cve/CVE-2017-6074.html",
"https://www.debian.org/security/2017/dsa-3791",
"https://access.redhat.com/errata/RHSA-2017:1209",
"https://access.redhat.com/errata/RHSA-2017:0932",
"https://access.redhat.com/errata/RHSA-2017:0501",
"https://access.redhat.com/errata/RHSA-2017:0403",
"https://access.redhat.com/errata/RHSA-2017:0366",
"https://access.redhat.com/errata/RHSA-2017:0365",
"https://access.redhat.com/errata/RHSA-2017:0347",
"https://access.redhat.com/errata/RHSA-2017:0346",
"https://access.redhat.com/errata/RHSA-2017:0345",
"https://access.redhat.com/errata/RHSA-2017:0324",
"https://access.redhat.com/errata/RHSA-2017:0323",
"https://access.redhat.com/errata/RHSA-2017:0316",
"https://access.redhat.com/errata/RHSA-2017:0295",
"https://access.redhat.com/errata/RHSA-2017:0294",
"https://access.redhat.com/errata/RHSA-2017:0293",
"https://ubuntu.com/security/CVE-2017-6074",
"https://advisories.mageia.org/CVE-2017-6074.html",
"https://security.archlinux.org/CVE-2017-6074",
"https://alas.aws.amazon.com/cve/html/CVE-2017-6074.html",
"https://linux.oracle.com/cve/CVE-2017-6074.html",
"https://packetstormsecurity.com/files/cve/CVE-2017-6074"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2017-6074"
],
"details": "The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsockopt system call.",
"id": "GSD-2017-6074",
"modified": "2023-12-13T01:21:09.418502Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6074",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsockopt system call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:0323",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0323.html"
},
{
"name": "RHSA-2017:0324",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0324.html"
},
{
"name": "RHSA-2017:0365",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0365.html"
},
{
"name": "RHSA-2017:0347",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0347.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "RHSA-2017:1209",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1209"
},
{
"name": "[oss-security] 20170222 Linux kernel: CVE-2017-6074: DCCP double-free vulnerability (local root)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/22/3"
},
{
"name": "RHSA-2017:0501",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0501.html"
},
{
"name": "https://source.android.com/security/bulletin/2017-07-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-07-01"
},
{
"name": "RHSA-2017:0932",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0932"
},
{
"name": "1037876",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037876"
},
{
"name": "RHSA-2017:0316",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0316.html"
},
{
"name": "RHSA-2017:0294",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0294.html"
},
{
"name": "RHSA-2017:0295",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0295.html"
},
{
"name": "RHSA-2017:0366",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0366.html"
},
{
"name": "RHSA-2017:0346",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0346.html"
},
{
"name": "https://github.com/torvalds/linux/commit/5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4"
},
{
"name": "RHSA-2017:0403",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0403.html"
},
{
"name": "DSA-3791",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3791"
},
{
"name": "RHSA-2017:0293",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0293.html"
},
{
"name": "https://www.tenable.com/security/tns-2017-07",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2017-07"
},
{
"name": "96310",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96310"
},
{
"name": "41457",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41457/"
},
{
"name": "41458",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41458/"
},
{
"name": "RHSA-2017:0345",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0345.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.18.49",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.12.71",
"versionStartIncluding": "3.11",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.16.41",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.1.41",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.10.106",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.2.86",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.4.52",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.9.13",
"versionStartIncluding": "4.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6074"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsockopt system call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-415"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/torvalds/linux/commit/5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/torvalds/linux/commit/5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4"
},
{
"name": "[oss-security] 20170222 Linux kernel: CVE-2017-6074: DCCP double-free vulnerability (local root)",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/22/3"
},
{
"name": "96310",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96310"
},
{
"name": "https://source.android.com/security/bulletin/2017-07-01",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://source.android.com/security/bulletin/2017-07-01"
},
{
"name": "1037876",
"refsource": "SECTRACK",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037876"
},
{
"name": "41458",
"refsource": "EXPLOIT-DB",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/41458/"
},
{
"name": "41457",
"refsource": "EXPLOIT-DB",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/41457/"
},
{
"name": "https://www.tenable.com/security/tns-2017-07",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2017-07"
},
{
"name": "DSA-3791",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2017/dsa-3791"
},
{
"name": "RHSA-2017:1209",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1209"
},
{
"name": "RHSA-2017:0932",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0932"
},
{
"name": "RHSA-2017:0501",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0501.html"
},
{
"name": "RHSA-2017:0403",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0403.html"
},
{
"name": "RHSA-2017:0366",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0366.html"
},
{
"name": "RHSA-2017:0365",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0365.html"
},
{
"name": "RHSA-2017:0347",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0347.html"
},
{
"name": "RHSA-2017:0346",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0346.html"
},
{
"name": "RHSA-2017:0345",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0345.html"
},
{
"name": "RHSA-2017:0324",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0324.html"
},
{
"name": "RHSA-2017:0323",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0323.html"
},
{
"name": "RHSA-2017:0316",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0316.html"
},
{
"name": "RHSA-2017:0295",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0295.html"
},
{
"name": "RHSA-2017:0294",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0294.html"
},
{
"name": "RHSA-2017:0293",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0293.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2023-02-10T00:53Z",
"publishedDate": "2017-02-18T21:59Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…