Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-6136

Опубликовано: 04 июл. 2016
Источник: redhat
CVSS3: 5.3
CVSS2: 3.3
EPSS Низкий

Описание

Race condition in the audit_log_single_execve_arg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by changing a certain string, aka a "double fetch" vulnerability.

When creating audit records for parameters to executed children processes, an attacker can convince the Linux kernel audit subsystem can create corrupt records which may allow an attacker to misrepresent or evade logging of executing commands.

Отчет

This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 and 7. This has been rated as having Moderate security impact and is planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/. This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2. Future Linux kernel updates for the respective releases may address this issue.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelAffected
Red Hat Enterprise MRG 2realtime-kernelAffected
Red Hat Enterprise Linux 6kernelFixedRHSA-2017:030723.02.2017
Red Hat Enterprise Linux 7kernel-rtFixedRHSA-2016:258403.11.2016
Red Hat Enterprise Linux 7kernelFixedRHSA-2016:257403.11.2016

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-362
https://bugzilla.redhat.com/show_bug.cgi?id=1353533kernel: Race condition vulnerability in execve argv arguments

EPSS

Процентиль: 4%
0.00021
Низкий

5.3 Medium

CVSS3

3.3 Low

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2016-6136

CVSS3: 4.7
ubuntu
почти 9 лет назад

Race condition in the audit_log_single_execve_arg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by changing a certain string, aka a "double fetch" vulnerability.

nvd логотип

CVE-2016-6136

CVSS3: 4.7
nvd
почти 9 лет назад

Race condition in the audit_log_single_execve_arg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by changing a certain string, aka a "double fetch" vulnerability.

debian логотип

CVE-2016-6136

CVSS3: 4.7
debian
почти 9 лет назад

Race condition in the audit_log_single_execve_arg function in kernel/a ...

github логотип

GHSA-5q34-w3p7-2pvp

CVSS3: 4.7
github
около 3 лет назад

Race condition in the audit_log_single_execve_arg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by changing a certain string, aka a "double fetch" vulnerability.

oracle-oval логотип

ELSA-2017-0307

oracle-oval
больше 8 лет назад

ELSA-2017-0307: kernel security and bug fix update (MODERATE)

EPSS

Процентиль: 4%
0.00021
Низкий

5.3 Medium

CVSS3

3.3 Low

CVSS2