Description
A buffer overflow in iptables-restore in netfilter iptables 1.8.2 allows an attacker to (at least) crash the program or potentially gain code execution via a specially crafted iptables-save file. This is related to add_param_to_argv in xshared.c.
A buffer overflow flaw was found in iptables-restore. This flaw allows a local attacker with sufficiently high privileges, such as root, to provide a specially crafted file, causing a program crash or potential code execution. The highest threat from this vulnerability is to system availability.
Statement
This flaw has been rated as having a security impact of Low because exploitation requires unlikely circumstances. Red Hat Enterprise Linux 8 is not affected by this flaw, as the shipped versions of iptables already include the patch. Although Red Hat Enterprise Linux 6 and 7 are affected, successful exploitation is prevented by Stack Smashing Protection (SSP), reducing the impact to a denial of service.
Note that this flaw is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 6 and 7. Red Hat Enterprise Linux 6 is in the Extended Life Phase of the support and maintenance life cycle; Red Hat Enterprise Linux 7 is now in Maintenance Support 2 Phase. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | iptables | Out of support scope | | |
| Red Hat Enterprise Linux 6 | iptables | Out of support scope | | |
| Red Hat Enterprise Linux 7 | iptables | Out of support scope | | |
| Red Hat Enterprise Linux 8 | iptables | Not affected | | |
| Red Hat Enterprise Linux 9 | iptables | Not affected | | |
| Red Hat OpenShift Container Platform 4 | iptables | Not affected | | |
Additional information
Status:
CVSS3: 4.2 Medium