Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-8632

Опубликовано: 07 нояб. 2016
Источник: redhat
CVSS2: 6.8
EPSS Низкий

Описание

The tipc_msg_build function in net/tipc/msg.c in the Linux kernel through 4.8.11 does not validate the relationship between the minimum fragment length and the maximum packet size, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability.

A flaw was found in the TIPC networking subsystem which could allow for memory corruption and possible privilege escalation. The flaw involves a system with an unusually low MTU (60) on networking devices configured as bearers for the TIPC protocol. An attacker could create a packet which will overwrite memory outside of allocated space and allow for privilege escalation.

Отчет

This issue is rated as important. The affected code is not enabled on Red Hat Enterprise Linux 6 and 7 or MRG-2 kernels. The commit introducing the comment was not included in Red Hat Enterprise Linux 5.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelNot affected
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelNot affected
Red Hat Enterprise Linux 7kernel-rtNot affected
Red Hat Enterprise MRG 2realtime-kernelNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-119
https://bugzilla.redhat.com/show_bug.cgi?id=1390832kernel: TIPC subsystem: tipc_msg_build() doesn't validate MTU, may cause memory corruption.

EPSS

Процентиль: 29%
0.00101
Низкий

6.8 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2016-8632

CVSS3: 7.8
ubuntu
больше 8 лет назад

The tipc_msg_build function in net/tipc/msg.c in the Linux kernel through 4.8.11 does not validate the relationship between the minimum fragment length and the maximum packet size, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability.

nvd логотип

CVE-2016-8632

CVSS3: 7.8
nvd
больше 8 лет назад

The tipc_msg_build function in net/tipc/msg.c in the Linux kernel through 4.8.11 does not validate the relationship between the minimum fragment length and the maximum packet size, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability.

debian логотип

CVE-2016-8632

CVSS3: 7.8
debian
больше 8 лет назад

The tipc_msg_build function in net/tipc/msg.c in the Linux kernel thro ...

github логотип

GHSA-7gr9-4f5w-gv8p

CVSS3: 7.8
github
около 3 лет назад

The tipc_msg_build function in net/tipc/msg.c in the Linux kernel through 4.8.11 does not validate the relationship between the minimum fragment length and the maximum packet size, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability.

suse-cvrf логотип

SUSE-SU-2017:0278-1

suse-cvrf
больше 8 лет назад

Security update for Linux Kernel Live Patch 8 for SLE 12 SP1

EPSS

Процентиль: 29%
0.00101
Низкий

6.8 Medium

CVSS2