CVE-2014-5045

Опубликовано: 01 авг. 2014

Источник: nvd

CVSS2: 6.2

EPSS Низкий

Описание

The mountpoint_last function in fs/namei.c in the Linux kernel before 3.15.8 does not properly maintain a certain reference count during attempts to use the umount system call in conjunction with a symlink, which allows local users to cause a denial of service (memory consumption or use-after-free) or possibly have unspecified other impact via the umount program.

Ссылки

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=295dc39d941dc2ae53d5c170365af4c9d5c16212
http://rhn.redhat.com/errata/RHSA-2015-0062.html
Third Party Advisory
http://secunia.com/advisories/60353
Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.8
Patch
Third Party Advisory
Vendor Advisory
http://www.openwall.com/lists/oss-security/2014/07/24/2
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/68862
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1122472
Issue Tracking
Third Party Advisory
https://github.com/torvalds/linux/commit/295dc39d941dc2ae53d5c170365af4c9d5c16212
Exploit
Patch
Third Party Advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=295dc39d941dc2ae53d5c170365af4c9d5c16212
http://rhn.redhat.com/errata/RHSA-2015-0062.html
Third Party Advisory
http://secunia.com/advisories/60353
Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.8
Patch
Third Party Advisory
Vendor Advisory
http://www.openwall.com/lists/oss-security/2014/07/24/2
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/68862
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1122472
Issue Tracking
Third Party Advisory
https://github.com/torvalds/linux/commit/295dc39d941dc2ae53d5c170365af4c9d5c16212
Exploit
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия до 3.15.8 (исключая)

Конфигурация 2

Одно из

cpe:2.3:o:redhat:enterprise_linux_eus:6.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*

EPSS

Процентиль: 6%

0.00029

Низкий

6.2 Medium

CVSS2

Дефекты

CWE-59

Связанные уязвимости

CVE-2014-5045

ubuntu

около 11 лет назад

CVE-2014-5045

redhat

около 11 лет назад

CVE-2014-5045

debian

около 11 лет назад

The mountpoint_last function in fs/namei.c in the Linux kernel before ...

GHSA-9pvv-pv37-92f4

github

около 3 лет назад

BDU:2015-06250

fstec

больше 10 лет назад

Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации

EPSS

Процентиль: 6%

0.00029

Низкий

6.2 Medium

CVSS2

Дефекты

CWE-59