Π›ΠΎΠ³ΠΎΡ‚ΠΈΠΏ exploitDog
Консоль
Π›ΠΎΠ³ΠΎΡ‚ΠΈΠΏ exploitDog

exploitDog

redhat Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2017-7482

ΠžΠΏΡƒΠ±Π»ΠΈΠΊΠΎΠ²Π°Π½ΠΎ: 26 июн. 2017
Π˜ΡΡ‚ΠΎΡ‡Π½ΠΈΠΊ: redhat
CVSS3: 7.1
EPSS Низкий

ОписаниС

In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field. This could lead to the size-remaining variable wrapping and the data pointer going over the end of the buffer. This could possibly lead to memory corruption and possible privilege escalation.

Keberos 5 tickets being decoded when using the RXRPC keys incorrectly assumes the size of a field. This could lead to the size-remaining variable wrapping and the data pointer going over the end of the buffer. This could possibly lead to memory corruption and possible privilege escalation.

ΠžΡ‚Ρ‡Π΅Ρ‚

This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5,6 and 7 as the module is not enabled on these systems. This issue affects the Linux kernel packages as shipped with Red Hat Enterprise MRG-2. Future Linux kernel updates for the respective releases may address this issue.

Π—Π°Ρ‚Ρ€ΠΎΠ½ΡƒΡ‚Ρ‹Π΅ ΠΏΠ°ΠΊΠ΅Ρ‚Ρ‹

ΠŸΠ»Π°Ρ‚Ρ„ΠΎΡ€ΠΌΠ°ΠŸΠ°ΠΊΠ΅Ρ‚Π‘ΠΎΡΡ‚ΠΎΡΠ½ΠΈΠ΅Π Π΅ΠΊΠΎΠΌΠ΅Π½Π΄Π°Ρ†ΠΈΡΠ Π΅Π»ΠΈΠ·
Red Hat Enterprise Linux 5kernelNot affected
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelNot affected
Red Hat Enterprise Linux 7kernel-altNot affected
Red Hat Enterprise Linux 7kernel-rtAffected
Red Hat Enterprise MRG 2kernel-rtFixedRHSA-2019:064126.03.2019

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Бсылки Π½Π° источники

Π”ΠΎΠΏΠΎΠ»Π½ΠΈΡ‚Π΅Π»ΡŒΠ½Π°Ρ информация

Бтатус:

Moderate
Π”Π΅Ρ„Π΅ΠΊΡ‚:
CWE-190
https://bugzilla.redhat.com/show_bug.cgi?id=1446288kernel: net/rxrpc: overflow in decoding of krb5 principal

EPSS

ΠŸΡ€ΠΎΡ†Π΅Π½Ρ‚ΠΈΠ»ΡŒ: 37%
0.00161
Низкий

7.1 High

CVSS3

БвязанныС уязвимости

ubuntu Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2017-7482

CVSS3: 7.8
ubuntu
большС 7 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field. This could lead to the size-remaining variable wrapping and the data pointer going over the end of the buffer. This could possibly lead to memory corruption and possible privilege escalation.

nvd Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2017-7482

CVSS3: 7.8
nvd
большС 7 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field. This could lead to the size-remaining variable wrapping and the data pointer going over the end of the buffer. This could possibly lead to memory corruption and possible privilege escalation.

debian Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2017-7482

CVSS3: 7.8
debian
большС 7 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

In the Linux kernel before version 4.12, Kerberos 5 tickets decoded wh ...

github Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

GHSA-2x6j-879g-gpqr

CVSS3: 7.8
github
ΠΏΠΎΡ‡Ρ‚ΠΈ 4 Π³ΠΎΠ΄Π° Π½Π°Π·Π°Π΄

In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field. This could lead to the size-remaining variable wrapping and the data pointer going over the end of the buffer. This could possibly lead to memory corruption and possible privilege escalation.

fstec Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

BDU:2019-00227

CVSS3: 7.1
fstec
ΠΏΠΎΡ‡Ρ‚ΠΈ 9 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

Π£ΡΠ·Π²ΠΈΠΌΠΎΡΡ‚ΡŒ Ρ€Π΅Π°Π»ΠΈΠ·Π°Ρ†ΠΈΠΈ ΠΏΡ€ΠΎΡ‚ΠΎΠΊΠΎΠ»Π° Keberos v5 ядра ΠΎΠΏΠ΅Ρ€Π°Ρ†ΠΈΠΎΠ½Π½ΠΎΠΉ систСмы Linux, ΠΏΠΎΠ·Π²ΠΎΠ»ΡΡŽΡ‰Π°Ρ Π½Π°Ρ€ΡƒΡˆΠΈΡ‚Π΅Π»ΡŽ ΠΏΠΎΠ²Ρ‹ΡΠΈΡ‚ΡŒ свои ΠΏΡ€ΠΈΠ²ΠΈΠ»Π΅Π³ΠΈΠΈ ΠΈΠ»ΠΈ Π²Ρ‹Π·Π²Π°Ρ‚ΡŒ ΠΎΡ‚ΠΊΠ°Π· Π² обслуТивании

EPSS

ΠŸΡ€ΠΎΡ†Π΅Π½Ρ‚ΠΈΠ»ΡŒ: 37%
0.00161
Низкий

7.1 High

CVSS3

Π£ΡΠ·Π²ΠΈΠΌΠΎΡΡ‚ΡŒ CVE-2017-7482