Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2015-1350

Опубликовано: 02 мая 2016
Источник: nvd
CVSS3: 5.5
CVSS2: 2.1
EPSS Низкий

Описание

The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 3.0 (включая) до 3.19.8 (включая)
Конфигурация 2

Одно из

cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*

EPSS

Процентиль: 8%
0.00033
Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-552

Связанные уязвимости

ubuntu логотип

CVE-2015-1350

CVSS3: 5.5
ubuntu
около 9 лет назад

The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program.

redhat логотип

CVE-2015-1350

redhat
больше 10 лет назад

The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program.

debian логотип

CVE-2015-1350

CVSS3: 5.5
debian
около 9 лет назад

The VFS subsystem in the Linux kernel 3.x provides an incomplete set o ...

github логотип

GHSA-m2mx-4jc6-3wh7

CVSS3: 5.5
github
около 3 лет назад

The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program.

oracle-oval логотип

ELSA-2022-9969

oracle-oval
больше 2 лет назад

ELSA-2022-9969: Unbreakable Enterprise kernel security update (IMPORTANT)

EPSS

Процентиль: 8%
0.00033
Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-552