Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2017-5551

Опубликовано: 06 фев. 2017
Источник: nvd
CVSS3: 4.4
CVSS2: 3.6
EPSS Низкий

Описание

The simple_set_acl function in fs/posix_acl.c in the Linux kernel before 4.9.6 preserves the setgid bit during a setxattr call involving a tmpfs filesystem, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-7097.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия до 4.9.5 (включая)

EPSS

Процентиль: 20%
0.00064
Низкий

4.4 Medium

CVSS3

3.6 Low

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

ubuntu логотип

CVE-2017-5551

CVSS3: 4.4
ubuntu
около 9 лет назад

The simple_set_acl function in fs/posix_acl.c in the Linux kernel before 4.9.6 preserves the setgid bit during a setxattr call involving a tmpfs filesystem, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-7097.

redhat логотип

CVE-2017-5551

CVSS3: 4.4
redhat
около 9 лет назад

The simple_set_acl function in fs/posix_acl.c in the Linux kernel before 4.9.6 preserves the setgid bit during a setxattr call involving a tmpfs filesystem, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-7097.

debian логотип

CVE-2017-5551

CVSS3: 4.4
debian
около 9 лет назад

The simple_set_acl function in fs/posix_acl.c in the Linux kernel befo ...

github логотип

GHSA-8v97-5c8j-7wmc

CVSS3: 4.4
github
больше 3 лет назад

The simple_set_acl function in fs/posix_acl.c in the Linux kernel before 4.9.6 preserves the setgid bit during a setxattr call involving a tmpfs filesystem, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-7097.

fstec логотип

BDU:2017-00290

CVSS3: 4.4
fstec
около 9 лет назад

Уязвимость операционной системы Linux, позволяющая нарушителю повысить свои привилегии

EPSS

Процентиль: 20%
0.00064
Низкий

4.4 Medium

CVSS3

3.6 Low

CVSS2

Дефекты

NVD-CWE-noinfo