Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2017-17448

Опубликовано: 03 дек. 2017
Источник: redhat
CVSS3: 4.4
EPSS Низкий

Описание

net/netfilter/nfnetlink_cthelper.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for new, get, and del operations, which allows local users to bypass intended access restrictions because the nfnl_cthelper_list data structure is shared across all net namespaces.

The net/netfilter/nfnetlink_cthelper.c function in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for new, get, and del operations. This allows local users to bypass intended access restrictions because the nfnl_cthelper_list data structure is shared across all net namespaces.

Отчет

This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2, as a code with the flaw is not present or is not built in the products listed. This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 7, its real-time kernel, Red Hat Enterprise Linux 7 for ARM 64 and Red Hat Enterprise Linux 7 for Power 9 LE. Future Linux kernel updates for the respective releases may address this issue.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelNot affected
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 8kernelNot affected
Red Hat Enterprise MRG 2realtime-kernelNot affected
Red Hat Enterprise Linux 7kernel-rtFixedRHSA-2018:067610.04.2018
Red Hat Enterprise Linux 7kernel-altFixedRHSA-2018:065410.04.2018
Red Hat Enterprise Linux 7kernelFixedRHSA-2018:106210.04.2018

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-284
https://bugzilla.redhat.com/show_bug.cgi?id=1525768kernel: Missing capabilities check in net/netfilter/nfnetlink_cthelper.c allows for unprivileged access to systemwide nfnl_cthelper_list structure

EPSS

Процентиль: 20%
0.00064
Низкий

4.4 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2017-17448

CVSS3: 7.8
ubuntu
больше 7 лет назад

net/netfilter/nfnetlink_cthelper.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for new, get, and del operations, which allows local users to bypass intended access restrictions because the nfnl_cthelper_list data structure is shared across all net namespaces.

nvd логотип

CVE-2017-17448

CVSS3: 7.8
nvd
больше 7 лет назад

net/netfilter/nfnetlink_cthelper.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for new, get, and del operations, which allows local users to bypass intended access restrictions because the nfnl_cthelper_list data structure is shared across all net namespaces.

debian логотип

CVE-2017-17448

CVSS3: 7.8
debian
больше 7 лет назад

net/netfilter/nfnetlink_cthelper.c in the Linux kernel through 4.14.4 ...

github логотип

GHSA-q8pc-q7mj-47x6

CVSS3: 7.8
github
около 3 лет назад

net/netfilter/nfnetlink_cthelper.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for new, get, and del operations, which allows local users to bypass intended access restrictions because the nfnl_cthelper_list data structure is shared across all net namespaces.

oracle-oval логотип

ELSA-2018-4110

oracle-oval
около 7 лет назад

ELSA-2018-4110: Unbreakable Enterprise kernel security update (IMPORTANT)

EPSS

Процентиль: 20%
0.00064
Низкий

4.4 Medium

CVSS3