Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2015-1350

Опубликовано: 21 нояб. 2014
Источник: redhat
CVSS2: 3.2
EPSS Низкий

Описание

The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program.

It was found that a regular user could remove xattr permissions on files by using the chown or write system calls. A local attacker could use this flaw to deny elevated permissions from valid users, services, or applications, potentially resulting in a denial of service.

Отчет

This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6, 7 and MRG 2. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelWill not fix
Red Hat Enterprise Linux 6kernelWill not fix
Red Hat Enterprise Linux 7kernelWill not fix
Red Hat Enterprise Linux 7kernel-rtWill not fix
Red Hat Enterprise MRG 2realtime-kernelWill not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-552
https://bugzilla.redhat.com/show_bug.cgi?id=1185139kernel: denial of service in notify_change for filesystem xattrs

EPSS

Процентиль: 8%
0.00033
Низкий

3.2 Low

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2015-1350

CVSS3: 5.5
ubuntu
около 9 лет назад

The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program.

nvd логотип

CVE-2015-1350

CVSS3: 5.5
nvd
около 9 лет назад

The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program.

debian логотип

CVE-2015-1350

CVSS3: 5.5
debian
около 9 лет назад

The VFS subsystem in the Linux kernel 3.x provides an incomplete set o ...

github логотип

GHSA-m2mx-4jc6-3wh7

CVSS3: 5.5
github
около 3 лет назад

The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program.

oracle-oval логотип

ELSA-2022-9969

oracle-oval
больше 2 лет назад

ELSA-2022-9969: Unbreakable Enterprise kernel security update (IMPORTANT)

EPSS

Процентиль: 8%
0.00033
Низкий

3.2 Low

CVSS2