Описание
net-tools is a collection of programs that form the base set of the NET-3 networking distribution for the Linux operating system. Inn versions up to and including 2.10, the Linux network utilities (like ifconfig) from the net-tools package do not properly validate the structure of /proc files when showing interfaces. get_name() in interface.c copies interface labels from /proc/net/dev into a fixed 16-byte stack buffer without bounds checking, leading to possible arbitrary code execution or crash. The known attack path does not require privilege but also does not provide privilege escalation in this scenario. A patch is available and expected to be part of version 2.20.
A flaw was found in net-tools. This vulnerability allows arbitrary code execution or a crash via improper handling of interface labels from /proc/net/dev.
Отчет
Within regulated environments, a combination of the following controls acts as a significant barrier to the successful exploitation of a CWE 121: Stack-based Buffer Overflow or a CWE-20: Improper Input Validation vulnerability, and therefore downgrades the severity of this particular CVE from Moderate to Low. Platform access is restricted through hard-token MFA and least privilege, ensuring only authorized roles can execute code that processes untrusted input or accesses memory-sensitive functions. Red Hat enforces least functionality by enabling only essential services and ports, minimizing exposure to input-driven faults and buffer overflows. During development, static analysis and peer reviews validate input handling and logic to prevent integer, bounds, and format errors. Memory protections such as DEP and ASLR further mitigate the risk of stack-based overflow exploitation. Finally, malicious code protection, runtime monitoring, and audit logging provide real-time detection and response to suspicious payloads or anomalous memory activity.
Меры по смягчению последствий
To mitigate this vulnerability, disable unprivileged user-namespaces (sysctl kernel.unprivileged_userns_clone=0) to remove the easiest non-privileged trigger path.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | net-tools | Not affected | ||
| Red Hat Enterprise Linux 6 | net-tools | Fix deferred | ||
| Red Hat Enterprise Linux 7 | net-tools | Fix deferred | ||
| Red Hat Enterprise Linux 8 | net-tools | Fix deferred | ||
| Red Hat Enterprise Linux 9 | net-tools | Not affected | ||
| Red Hat OpenShift Container Platform 4 | rhcos | Fix deferred |
Показывать по
Дополнительная информация
Статус:
EPSS
6.6 Medium
CVSS3
Связанные уязвимости
net-tools is a collection of programs that form the base set of the NET-3 networking distribution for the Linux operating system. Inn versions up to and including 2.10, the Linux network utilities (like ifconfig) from the net-tools package do not properly validate the structure of /proc files when showing interfaces. `get_name()` in `interface.c` copies interface labels from `/proc/net/dev` into a fixed 16-byte stack buffer without bounds checking, leading to possible arbitrary code execution or crash. The known attack path does not require privilege but also does not provide privilege escalation in this scenario. A patch is available and expected to be part of version 2.20.
net-tools is a collection of programs that form the base set of the NET-3 networking distribution for the Linux operating system. Inn versions up to and including 2.10, the Linux network utilities (like ifconfig) from the net-tools package do not properly validate the structure of /proc files when showing interfaces. `get_name()` in `interface.c` copies interface labels from `/proc/net/dev` into a fixed 16-byte stack buffer without bounds checking, leading to possible arbitrary code execution or crash. The known attack path does not require privilege but also does not provide privilege escalation in this scenario. A patch is available and expected to be part of version 2.20.
net-tools is a collection of programs that form the base set of the NE ...
EPSS
6.6 Medium
CVSS3