
CVE-2016-9604

Published: 11 Jul 2018
Source: nvd
CVSS3: 4.4
CVSS2: 2.1
EPSS: Low

Description

It was discovered in the Linux kernel before 4.11-rc8 that root can gain direct access to an internal keyring, such as '.dns_resolver' in RHEL-7 or '.builtin_trusted_keys' upstream, by joining it as its session keyring. This allows root to bypass module signature verification by adding a new public key of its own devising to the keyring.

Vulnerable configurations

Configuration 1

One of

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Version up to 4.11 (inclusive)
cpe:2.3:o:linux:linux_kernel:4.11:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.11:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.11:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.11:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.11:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.11:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.11:rc7:*:*:*:*:*:*

EPSS

Percentile: 5%
0.00025
Low

4.4 Medium

CVSS3

2.1 Low

CVSS2

Weaknesses

CWE-732
CWE-347

Related vulnerabilities

CVSS3: 4.4
ubuntu
almost 7 years ago

It was discovered in the Linux kernel before 4.11-rc8 that root can gain direct access to an internal keyring, such as '.dns_resolver' in RHEL-7 or '.builtin_trusted_keys' upstream, by joining it as its session keyring. This allows root to bypass module signature verification by adding a new public key of its own devising to the keyring.

CVSS3: 4.4
redhat
about 8 years ago

It was discovered in the Linux kernel before 4.11-rc8 that root can gain direct access to an internal keyring, such as '.dns_resolver' in RHEL-7 or '.builtin_trusted_keys' upstream, by joining it as its session keyring. This allows root to bypass module signature verification by adding a new public key of its own devising to the keyring.

CVSS3: 4.4
debian
almost 7 years ago

It was discovered in the Linux kernel before 4.11-rc8 that root can ga ...

CVSS3: 4.4
github
about 3 years ago

It was discovered in the Linux kernel before 4.11-rc8 that root can gain direct access to an internal keyring, such as '.dns_resolver' in RHEL-7 or '.builtin_trusted_keys' upstream, by joining it as its session keyring. This allows root to bypass module signature verification by adding a new public key of its own devising to the keyring.

oracle-oval
almost 8 years ago

ELSA-2017-3607: Unbreakable Enterprise kernel security update (IMPORTANT)
