Описание
net/netfilter/xt_osf.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations, which allows local users to bypass intended access restrictions because the xt_osf_fingers data structure is shared across all net namespaces.
net/netfilter/xt_osf.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations. This allows local users to bypass intended access restrictions because the xt_osf_fingers data structure is shared across all network namespaces.
Отчет
This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG 2, as a code with the flaw is not present or is not built in the products listed. This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6, 7, its real-time kernel, Red Hat Enterprise Linux 7 for ARM 64 and Red Hat Enterprise Linux 7 for Power 9 LE. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | kernel | Not affected | ||
| Red Hat Enterprise Linux 6 | kernel | Will not fix | ||
| Red Hat Enterprise Linux 7 | kernel | Will not fix | ||
| Red Hat Enterprise Linux 7 | kernel-alt | Will not fix | ||
| Red Hat Enterprise Linux 7 | kernel-rt | Will not fix | ||
| Red Hat Enterprise Linux 8 | kernel | Not affected | ||
| Red Hat Enterprise MRG 2 | realtime-kernel | Not affected |
Показывать по
Дополнительная информация
Статус:
4.4 Medium
CVSS3
Связанные уязвимости
net/netfilter/xt_osf.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations, which allows local users to bypass intended access restrictions because the xt_osf_fingers data structure is shared across all net namespaces.
net/netfilter/xt_osf.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations, which allows local users to bypass intended access restrictions because the xt_osf_fingers data structure is shared across all net namespaces.
net/netfilter/xt_osf.c in the Linux kernel through 4.14.4 does not req ...
net/netfilter/xt_osf.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations, which allows local users to bypass intended access restrictions because the xt_osf_fingers data structure is shared across all net namespaces.
ELSA-2019-4317: Unbreakable Enterprise kernel security update (IMPORTANT)
4.4 Medium
CVSS3