Описание
The cap_bprm_set_creds function in security/commoncap.c in the Linux kernel before 3.3.3 does not properly handle the use of file system capabilities (aka fcaps) for implementing a privileged executable file, which allows local users to bypass intended personality restrictions via a crafted application, as demonstrated by an attack that uses a parent process to disable ASLR.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 4.10.0-19.21 |
| esm-infra-legacy/trusty | not-affected | 3.11.0-12.19 |
| esm-infra/xenial | not-affected | 4.2.0-16.19 |
| hardy | not-affected | |
| lucid | released | 2.6.32-41.89 |
| natty | released | 2.6.38-15.60 |
| oneiric | released | 3.0.0-20.34 |
| precise | released | 3.2.0-24.38 |
| precise/esm | not-affected | 3.2.0-24.38 |
| quantal | not-affected | 3.4.0-1.1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| hardy | DNE | |
| lucid | DNE | |
| natty | DNE | |
| oneiric | DNE | |
| precise | released | 3.2.0-1603.6 |
| precise/esm | DNE | precise was released [3.2.0-1603.6] |
| quantal | not-affected | 3.2.0-1603.6 |
| raring | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | not-affected | 4.4.0-1002.2 |
| esm-infra/xenial | not-affected | 4.4.0-1001.10 |
| precise | DNE | |
| precise/esm | DNE | |
| trusty | not-affected | 4.4.0-1002.2 |
| trusty/esm | not-affected | 4.4.0-1002.2 |
| upstream | released | 3.4~rc4 |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| hardy | DNE | |
| lucid | released | 2.6.32-345.48 |
| natty | DNE | |
| oneiric | DNE | |
| precise | DNE | |
| precise/esm | DNE | |
| quantal | DNE | |
| raring | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-apps/xenial | DNE | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected [3.4.0-1.3]] |
| lucid | DNE | |
| precise | DNE | |
| precise/esm | DNE | |
| quantal | DNE | |
| saucy | DNE | |
| trusty | not-affected | 3.4.0-1.3 |
| trusty/esm | DNE | trusty was not-affected [3.4.0-1.3] |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| hardy | DNE | |
| lucid | ignored | end of life |
| natty | DNE | |
| oneiric | DNE | |
| precise | DNE | |
| precise/esm | DNE | |
| quantal | DNE | |
| raring | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| precise | DNE | |
| precise/esm | DNE | |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | released | 3.4~rc4 |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE | |
| xenial | not-affected | 4.4.0-1003.3 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-apps/xenial | DNE | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected [3.4.0-1.9]] |
| lucid | DNE | |
| precise | DNE | |
| precise/esm | DNE | |
| quantal | DNE | |
| saucy | ignored | |
| trusty | not-affected | 3.4.0-1.9 |
| trusty/esm | DNE | trusty was not-affected [3.4.0-1.9] |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was ignored [abandoned]] |
| lucid | DNE | |
| precise | DNE | |
| precise/esm | DNE | |
| quantal | DNE | |
| saucy | ignored | |
| trusty | ignored | end of standard support |
| trusty/esm | DNE | trusty was ignored [abandoned] |
| upstream | released | 3.4~rc4 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/xenial | not-affected | 4.8.0-36.36~16.04.1 |
| precise | DNE | |
| precise/esm | DNE | |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | released | 3.4~rc4 |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/xenial | not-affected | 4.8.0-36.36~16.04.1 |
| precise | DNE | |
| precise/esm | DNE | |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | released | 3.4~rc4 |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| hardy | DNE | |
| lucid | ignored | end of life |
| natty | DNE | |
| oneiric | DNE | |
| precise | DNE | |
| precise/esm | DNE | |
| quantal | DNE | |
| raring | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| hardy | DNE | |
| lucid | released | 2.6.38-15.60~lucid1 |
| natty | DNE | |
| oneiric | DNE | |
| precise | DNE | |
| precise/esm | DNE | |
| quantal | DNE | |
| raring | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| hardy | DNE | |
| lucid | released | 3.0.0-20.34~lucid1 |
| natty | DNE | |
| oneiric | DNE | |
| precise | DNE | |
| precise/esm | DNE | |
| quantal | DNE | |
| raring | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| hardy | DNE | |
| lucid | DNE | |
| oneiric | DNE | |
| precise | not-affected | 3.5.0-18.29~precise1 |
| precise/esm | DNE | precise was not-affected [3.5.0-18.29~precise1] |
| quantal | DNE | |
| raring | DNE | |
| saucy | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| hardy | DNE | |
| lucid | DNE | |
| oneiric | DNE | |
| precise | not-affected | 3.8.0-19.30~precise1 |
| precise/esm | DNE | precise was not-affected [3.8.0-19.30~precise1] |
| quantal | DNE | |
| raring | DNE | |
| saucy | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| lucid | DNE | |
| precise | not-affected | 3.13.0-24.46~precise1 |
| precise/esm | not-affected | 3.13.0-24.46~precise1 |
| saucy | DNE | |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | released | 3.4~rc4 |
| utopic | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected [3.16.0-25.33~14.04.2]] |
| lucid | DNE | |
| precise | DNE | |
| precise/esm | DNE | |
| trusty | not-affected | 3.16.0-25.33~14.04.2 |
| trusty/esm | DNE | trusty was not-affected [3.16.0-25.33~14.04.2] |
| upstream | released | 3.4~rc4 |
| utopic | DNE | |
| vivid | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected [3.19.0-18.18~14.04.1]] |
| lucid | DNE | |
| precise | DNE | |
| precise/esm | DNE | |
| trusty | not-affected | 3.19.0-18.18~14.04.1 |
| trusty/esm | DNE | trusty was not-affected [3.19.0-18.18~14.04.1] |
| upstream | released | 3.4~rc4 |
| utopic | DNE | |
| vivid | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected [4.2.0-18.22~14.04.1]] |
| precise | DNE | |
| precise/esm | DNE | |
| trusty | not-affected | 4.2.0-18.22~14.04.1 |
| trusty/esm | DNE | trusty was not-affected [4.2.0-18.22~14.04.1] |
| upstream | released | 3.4~rc4 |
| vivid | DNE | |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | not-affected | 4.4.0-13.29~14.04.1 |
| precise | DNE | |
| precise/esm | DNE | |
| trusty | not-affected | 4.4.0-13.29~14.04.1 |
| trusty/esm | not-affected | 4.4.0-13.29~14.04.1 |
| upstream | released | 3.4~rc4 |
| vivid | DNE | |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was ignored [abandoned]] |
| lucid | DNE | |
| precise | DNE | |
| precise/esm | DNE | |
| quantal | DNE | |
| saucy | ignored | |
| trusty | ignored | end of standard support |
| trusty/esm | DNE | trusty was ignored [abandoned] |
| upstream | released | 3.4~rc4 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-apps/xenial | DNE | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected [3.4.0-3.21]] |
| lucid | DNE | |
| precise | DNE | |
| precise/esm | DNE | |
| quantal | DNE | |
| saucy | ignored | |
| trusty | not-affected | 3.4.0-3.21 |
| trusty/esm | DNE | trusty was not-affected [3.4.0-3.21] |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected [3.4.0-4.19]] |
| lucid | DNE | |
| precise | DNE | |
| precise/esm | DNE | |
| quantal | DNE | |
| saucy | ignored | |
| trusty | not-affected | 3.4.0-4.19 |
| trusty/esm | DNE | trusty was not-affected [3.4.0-4.19] |
| upstream | released | 3.4~rc4 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| hardy | DNE | |
| lucid | ignored | end of life |
| natty | DNE | |
| oneiric | DNE | |
| precise | DNE | |
| precise/esm | DNE | |
| quantal | DNE | |
| raring | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 4.10.0-1004.6 |
| esm-infra-legacy/trusty | DNE | |
| precise | DNE | |
| precise/esm | DNE | |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | released | 3.4~rc4 |
| vivid | DNE | |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | released | 4.2.0-1014.21 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 4.4.0-1050.54 |
| esm-infra-legacy/trusty | DNE | |
| precise | DNE | |
| precise/esm | DNE | |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | released | 3.4~rc4 |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE | |
| wily | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| hardy | DNE | |
| lucid | DNE | |
| natty | released | 2.6.38-1209.25 |
| oneiric | released | 3.0.0-1210.22 |
| precise | released | 3.2.0-1413.17 |
| precise/esm | DNE | precise was released [3.2.0-1413.17] |
| quantal | not-affected | 3.4.0-201.3 |
| raring | not-affected | 3.4.0-201.3 |
Показывать по
Ссылки на источники
EPSS
7.2 High
CVSS2
Связанные уязвимости
The cap_bprm_set_creds function in security/commoncap.c in the Linux kernel before 3.3.3 does not properly handle the use of file system capabilities (aka fcaps) for implementing a privileged executable file, which allows local users to bypass intended personality restrictions via a crafted application, as demonstrated by an attack that uses a parent process to disable ASLR.
The cap_bprm_set_creds function in security/commoncap.c in the Linux kernel before 3.3.3 does not properly handle the use of file system capabilities (aka fcaps) for implementing a privileged executable file, which allows local users to bypass intended personality restrictions via a crafted application, as demonstrated by an attack that uses a parent process to disable ASLR.
The cap_bprm_set_creds function in security/commoncap.c in the Linux k ...
The cap_bprm_set_creds function in security/commoncap.c in the Linux kernel before 3.3.3 does not properly handle the use of file system capabilities (aka fcaps) for implementing a privileged executable file, which allows local users to bypass intended personality restrictions via a crafted application, as demonstrated by an attack that uses a parent process to disable ASLR.
ELSA-2012-2020: Unbreakable Enterprise kernel security and bugfix update (IMPORTANT)
EPSS
7.2 High
CVSS2