CVE-2017-5897

Published: 05 Feb 2017
Source: redhat
CVSS3: 3.7

Description

The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allows remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds access.

An issue was found in the Linux kernel IPv6 implementation of GRE tunnels which allows a remote attacker to trigger an out-of-bounds access. At this time we understand no trust barrier has been crossed and there are no security implications in this flaw.

Report

Red Hat Enterprise Linux 5 and 6 are not affected as they do not include this code. Red Hat Enterprise Linux 7, MRG and realtime kernels contain the code, but are not affected. At this time we do not believe there is a denial of service, memory leak, privilege escalation or trust barrier crossed. The kernel may attribute errors in system logs to the wrong tunnel. If you believe this is in error and have evidence or thoughts to the contrary please contact Red Hat Security Team.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 5 | kernel | Not affected | | |
| Red Hat Enterprise Linux 6 | kernel | Not affected | | |
| Red Hat Enterprise Linux 7 | kernel | Will not fix | | |
| Red Hat Enterprise Linux 7 | kernel-rt | Will not fix | | |
| Red Hat Enterprise MRG 2 | realtime-kernel | Will not fix | | |


Additional information

Status: Low
Defect: CWE-125
https://bugzilla.redhat.com/show_bug.cgi?id=1419848 kernel: ip6_gre: Invalid reads in ip6gre_err

3.7 Low

CVSS3

Related vulnerabilities

CVSS3: 9.8
ubuntu
about 8 years ago

The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allows remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds access.

CVSS3: 9.8
nvd
about 8 years ago

The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allows remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds access.

CVSS3: 9.8
debian
about 8 years ago

The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allo ...

CVSS3: 9.8
github
about 3 years ago

The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allows remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds access.

CVSS3: 9.8
fstec
more than 8 years ago

Vulnerability in the ip6gre_err function of the Linux operating system that allows an attacker to cause unspecified impact
