CVE-2016-7039

Опубликовано: 16 окт. 2016

Источник: nvd

CVSS3: 7.5

CVSS2: 7.8

EPSS Низкий

Описание

The IP stack in the Linux kernel through 4.8.2 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for large crafted packets, as demonstrated by packets that contain only VLAN headers, a related issue to CVE-2016-8666.

Ссылки

http://rhn.redhat.com/errata/RHSA-2016-2047.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-2107.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-2110.html
Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/10/10/15
Mailing List
Patch
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
Third Party Advisory
http://www.securityfocus.com/bid/93476
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2017:0372
Third Party Advisory
https://bto.bluecoat.com/security-advisory/sa134
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1375944
Issue Tracking
Third Party Advisory
https://patchwork.ozlabs.org/patch/680412/
Issue Tracking
Patch
http://rhn.redhat.com/errata/RHSA-2016-2047.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-2107.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-2110.html
Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/10/10/15
Mailing List
Patch
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
Third Party Advisory
http://www.securityfocus.com/bid/93476
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2017:0372
Third Party Advisory
https://bto.bluecoat.com/security-advisory/sa134
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*

cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*

cpe:2.3:o:oracle:vm_server:3.4:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.0 (включая) до 4.1.37 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.2 (включая) до 4.4.32 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.5 (включая) до 4.8.8 (исключая)

EPSS

Процентиль: 74%

0.00878

Низкий

7.5 High

CVSS3

7.8 High

CVSS2

Дефекты

CWE-399

Связанные уязвимости

CVE-2016-7039

CVSS3: 7.5

ubuntu

почти 9 лет назад

CVE-2016-7039

CVSS3: 7.5

redhat

почти 9 лет назад

CVE-2016-7039

CVSS3: 7.5

debian

почти 9 лет назад

The IP stack in the Linux kernel through 4.8.2 allows remote attackers ...

GHSA-3rm9-rm94-6p3r

CVSS3: 7.5

github

больше 3 лет назад

ELSA-2016-3626

oracle-oval

почти 9 лет назад

ELSA-2016-3626: Unbreakable Enterprise kernel security update (IMPORTANT)

EPSS

Процентиль: 74%

0.00878

Низкий

7.5 High

CVSS3

7.8 High

CVSS2

Дефекты

CWE-399