Π›ΠΎΠ³ΠΎΡ‚ΠΈΠΏ exploitDog
Консоль
Π›ΠΎΠ³ΠΎΡ‚ΠΈΠΏ exploitDog

exploitDog

ubuntu Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2015-8660

ΠžΠΏΡƒΠ±Π»ΠΈΠΊΠΎΠ²Π°Π½ΠΎ: 28 Π΄Π΅ΠΊ. 2015
Π˜ΡΡ‚ΠΎΡ‡Π½ΠΈΠΊ: ubuntu
ΠŸΡ€ΠΈΠΎΡ€ΠΈΡ‚Π΅Ρ‚: high
EPSS Π‘Ρ€Π΅Π΄Π½ΠΈΠΉ
CVSS2: 7.2
CVSS3: 6.7

ОписаниС

The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application.

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

not-affected

4.8.0-22.24
esm-infra-legacy/trusty

not-affected

esm-infra-legacy/xenial

not-affected

4.3.0-6.17
esm-infra/xenial

not-affected

4.3.0-6.17
precise

not-affected

trusty

not-affected

trusty/esm

not-affected

upstream

released

4.4~rc4
vivid

released

3.19.0-43.49
vivid/stable-phone-overlay

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-infra-legacy/trusty

DNE

precise

not-affected

trusty

DNE

trusty/esm

DNE

upstream

released

4.4~rc4
vivid

DNE

vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

wily

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-infra-legacy/trusty

not-affected

4.4.0-1002.2
esm-infra-legacy/xenial

not-affected

4.4.0-1001.10
esm-infra/xenial

not-affected

4.4.0-1001.10
precise

DNE

trusty

not-affected

4.4.0-1002.2
trusty/esm

not-affected

4.4.0-1002.2
upstream

released

4.4~rc4
vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

not-affected

esm-apps-legacy/xenial

DNE

esm-apps/xenial

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was ignored]
precise

DNE

trusty

ignored

trusty/esm

DNE

trusty was ignored
upstream

released

4.4~rc4
vivid

ignored

end of life
vivid/stable-phone-overlay

not-affected

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-infra-legacy/trusty

DNE

precise

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

4.4~rc4
vivid

DNE

vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

wily

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-infra-legacy/trusty

DNE

precise

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

4.4~rc4
vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

xenial

not-affected

4.4.0-1003.3
yakkety

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

not-affected

esm-apps-legacy/xenial

DNE

esm-apps/xenial

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was ignored]
precise

DNE

trusty

ignored

trusty/esm

DNE

trusty was ignored
upstream

released

4.4~rc4
vivid

ignored

end of life
vivid/stable-phone-overlay

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was ignored]
precise

DNE

trusty

ignored

trusty/esm

DNE

trusty was ignored
upstream

released

4.4~rc4
vivid

DNE

vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

wily

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-infra-legacy/trusty

DNE

esm-infra-legacy/xenial

not-affected

4.8.0-36.36~16.04.1
esm-infra/xenial

not-affected

4.8.0-36.36~16.04.1
precise

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

4.4~rc4
vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-infra-legacy/trusty

DNE

esm-infra-legacy/xenial

not-affected

4.8.0-36.36~16.04.1
esm-infra/xenial

not-affected

4.8.0-36.36~16.04.1
precise

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

4.4~rc4
vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-infra-legacy/trusty

DNE

precise

ignored

end of life
trusty

DNE

trusty/esm

DNE

upstream

released

4.4~rc4
vivid

DNE

vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

wily

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-infra-legacy/trusty

DNE

precise

ignored

end of life
trusty

DNE

trusty/esm

DNE

upstream

released

4.4~rc4
vivid

DNE

vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

wily

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-infra-legacy/trusty

DNE

precise

ignored

end of life
trusty

DNE

trusty/esm

DNE

upstream

released

4.4~rc4
vivid

DNE

vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

wily

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-infra-legacy/trusty

DNE

precise

ignored

end of life
trusty

DNE

trusty/esm

DNE

upstream

released

4.4~rc4
vivid

DNE

vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

wily

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-infra-legacy/trusty

DNE

precise

ignored

end of life
trusty

DNE

trusty/esm

DNE

upstream

released

4.4~rc4
vivid

DNE

vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

wily

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-infra-legacy/trusty

DNE

precise

ignored

end of life
trusty

DNE

trusty/esm

DNE

upstream

released

4.4~rc4
vivid

DNE

vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

wily

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-infra-legacy/trusty

DNE

precise

not-affected

trusty

DNE

trusty/esm

DNE

upstream

released

4.4~rc4
vivid

DNE

vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

wily

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was not-affected]
precise

DNE

trusty

not-affected

trusty/esm

DNE

trusty was not-affected
upstream

released

4.4~rc4
vivid

DNE

vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

wily

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was released [3.19.0-43.49~14.04.1]]
precise

DNE

trusty

released

3.19.0-43.49~14.04.1
trusty/esm

DNE

trusty was released [3.19.0-43.49~14.04.1]
upstream

released

4.4~rc4
vivid

DNE

vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

wily

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was released [4.2.0-23.28~14.04.1]]
precise

DNE

trusty

released

4.2.0-23.28~14.04.1
trusty/esm

DNE

trusty was released [4.2.0-23.28~14.04.1]
upstream

released

4.4~rc4
vivid

DNE

vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

wily

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-infra-legacy/trusty

not-affected

4.4.0-13.29~14.04.1
precise

DNE

trusty

not-affected

4.4.0-13.29~14.04.1
trusty/esm

not-affected

4.4.0-13.29~14.04.1
upstream

released

4.4~rc4
vivid

DNE

vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

wily

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was ignored]
precise

DNE

trusty

ignored

trusty/esm

DNE

trusty was ignored
upstream

released

4.4~rc4
vivid

DNE

vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

wily

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

not-affected

esm-apps-legacy/xenial

DNE

esm-apps/xenial

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was ignored]
precise

DNE

trusty

ignored

trusty/esm

DNE

trusty was ignored
upstream

released

4.4~rc4
vivid

ignored

end of life
vivid/stable-phone-overlay

not-affected

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was ignored]
precise

DNE

trusty

ignored

trusty/esm

DNE

trusty was ignored
upstream

released

4.4~rc4
vivid

ignored

end of life
vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

wily

not-affected

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-infra-legacy/trusty

DNE

precise

ignored

end of life
trusty

DNE

trusty/esm

DNE

upstream

released

4.4~rc4
vivid

DNE

vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

wily

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

not-affected

4.8.0-1013.15
esm-infra-legacy/trusty

DNE

precise

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

4.4~rc4
vivid

DNE

vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

released

4.2.0-1022.29
wily

released

4.2.0-1018.25

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

not-affected

4.4.0-1029.32
esm-infra-legacy/trusty

DNE

precise

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

4.4~rc4
vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

wily

DNE

xenial

not-affected

4.4.0-1012.12

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-infra-legacy/trusty

DNE

precise

not-affected

trusty

DNE

trusty/esm

DNE

upstream

released

4.4~rc4
vivid

DNE

vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

wily

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Бсылки Π½Π° источники

EPSS

ΠŸΡ€ΠΎΡ†Π΅Π½Ρ‚ΠΈΠ»ΡŒ: 97%
0.22374
Π‘Ρ€Π΅Π΄Π½ΠΈΠΉ

7.2 High

CVSS2

6.7 Medium

CVSS3

БвязанныС уязвимости

redhat Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2015-8660

redhat
большС 10 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application.

nvd Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2015-8660

CVSS3: 6.7
nvd
большС 10 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application.

debian Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2015-8660

CVSS3: 6.7
debian
большС 10 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel t ...

github Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

GHSA-2m7p-qcqr-gfv2

CVSS3: 6.7
github
ΠΎΠΊΠΎΠ»ΠΎ 4 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application.

oracle-oval Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

ELSA-2016-3593

oracle-oval
ΠΏΠΎΡ‡Ρ‚ΠΈ 10 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

ELSA-2016-3593: Unbreakable Enterprise kernel security update (IMPORTANT)

EPSS

ΠŸΡ€ΠΎΡ†Π΅Π½Ρ‚ΠΈΠ»ΡŒ: 97%
0.22374
Π‘Ρ€Π΅Π΄Π½ΠΈΠΉ

7.2 High

CVSS2

6.7 Medium

CVSS3

Π£ΡΠ·Π²ΠΈΠΌΠΎΡΡ‚ΡŒ CVE-2015-8660