Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2015-8569

Опубликовано: 28 дек. 2015
Источник: debian
EPSS Низкий

Описание

The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel through 4.3.3 do not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
linuxfixed4.3.3-3package
linux-2.6removedpackage
linux-2.6not-affectedsqueezepackage

Примечания

  • https://www.openwall.com/lists/oss-security/2015/12/15/7

  • Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=09ccfd238e5a0e670d8178cf50180ea81ae09ae1 (v4.4-rc6)

  • pptp_{connect,bind} introduced in https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=00959ade36acadc00e757f87060bf6e4501d545f (v2.6.37-rc1)

  • https://lkml.org/lkml/2015/12/14/252

EPSS

Процентиль: 1%
0.00011
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2015-8569

CVSS3: 2.3
ubuntu
больше 9 лет назад

The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel through 4.3.3 do not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application.

redhat логотип

CVE-2015-8569

redhat
больше 9 лет назад

The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel through 4.3.3 do not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application.

nvd логотип

CVE-2015-8569

CVSS3: 2.3
nvd
больше 9 лет назад

The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel through 4.3.3 do not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application.

github логотип

GHSA-9wfh-75q9-qc53

CVSS3: 2.3
github
около 3 лет назад

The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel through 4.3.3 do not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application.

suse-cvrf логотип

SUSE-SU-2016:0168-1

suse-cvrf
больше 9 лет назад

Security update for the Linux Kernel

EPSS

Процентиль: 1%
0.00011
Низкий