Π›ΠΎΠ³ΠΎΡ‚ΠΈΠΏ exploitDog
Консоль
Π›ΠΎΠ³ΠΎΡ‚ΠΈΠΏ exploitDog

exploitDog

ubuntu Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2016-0728

ΠžΠΏΡƒΠ±Π»ΠΈΠΊΠΎΠ²Π°Π½ΠΎ: 08 Ρ„Π΅Π². 2016
Π˜ΡΡ‚ΠΎΡ‡Π½ΠΈΠΊ: ubuntu
ΠŸΡ€ΠΈΠΎΡ€ΠΈΡ‚Π΅Ρ‚: high
EPSS Π‘Ρ€Π΅Π΄Π½ΠΈΠΉ
CVSS2: 7.2
CVSS3: 7.8

ОписаниС

The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

not-affected

4.8.0-22.24
esm-infra-legacy/trusty

released

3.13.0-76.120
esm-infra/xenial

not-affected

4.3.0-7.18
precise

not-affected

trusty

released

3.13.0-76.120
trusty/esm

released

3.13.0-76.120
upstream

released

4.5~rc1
vivid

released

3.19.0-47.53
vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

released

3.19.0-47.53

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-infra-legacy/trusty

DNE

precise

not-affected

trusty

DNE

trusty/esm

DNE

upstream

released

4.5~rc1
vivid

DNE

vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

wily

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-infra-legacy/trusty

not-affected

4.4.0-1002.2
esm-infra/xenial

not-affected

4.4.0-1001.10
precise

DNE

trusty

not-affected

4.4.0-1002.2
trusty/esm

not-affected

4.4.0-1002.2
upstream

released

4.5~rc1
vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

xenial

not-affected

4.4.0-1001.10

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

not-affected

esm-apps/xenial

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was ignored]
precise

DNE

trusty

ignored

trusty/esm

DNE

trusty was ignored
upstream

released

4.5~rc1
vivid

not-affected

vivid/stable-phone-overlay

not-affected

vivid/ubuntu-core

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-infra-legacy/trusty

DNE

precise

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

4.5~rc1
vivid

DNE

vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

wily

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-infra-legacy/trusty

DNE

precise

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

4.5~rc1
vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

xenial

not-affected

4.4.0-1003.3
yakkety

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

not-affected

esm-apps/xenial

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was ignored]
precise

DNE

trusty

ignored

trusty/esm

DNE

trusty was ignored
upstream

released

4.5~rc1
vivid

not-affected

vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was ignored]
precise

DNE

trusty

ignored

trusty/esm

DNE

trusty was ignored
upstream

released

4.5~rc1
vivid

DNE

vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

wily

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-infra-legacy/trusty

DNE

esm-infra/xenial

not-affected

4.8.0-36.36~16.04.1
precise

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

4.5~rc1
vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

xenial

not-affected

4.8.0-36.36~16.04.1

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-infra-legacy/trusty

DNE

esm-infra/xenial

not-affected

4.8.0-36.36~16.04.1
precise

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

4.5~rc1
vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

xenial

not-affected

4.8.0-36.36~16.04.1

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-infra-legacy/trusty

DNE

precise

ignored

end of life
trusty

DNE

trusty/esm

DNE

upstream

released

4.5~rc1
vivid

DNE

vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

wily

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-infra-legacy/trusty

DNE

precise

ignored

end of life
trusty

DNE

trusty/esm

DNE

upstream

released

4.5~rc1
vivid

DNE

vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

wily

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-infra-legacy/trusty

DNE

precise

ignored

end of life
trusty

DNE

trusty/esm

DNE

upstream

released

4.5~rc1
vivid

DNE

vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

wily

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-infra-legacy/trusty

DNE

precise

ignored

end of life
trusty

DNE

trusty/esm

DNE

upstream

released

4.5~rc1
vivid

DNE

vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

wily

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-infra-legacy/trusty

DNE

precise

ignored

end of life
trusty

DNE

trusty/esm

DNE

upstream

released

4.5~rc1
vivid

DNE

vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

wily

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-infra-legacy/trusty

DNE

precise

ignored

end of life
trusty

DNE

trusty/esm

DNE

upstream

released

4.5~rc1
vivid

DNE

vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

wily

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-infra-legacy/trusty

DNE

precise

released

3.13.0-76.120~precise1
trusty

DNE

trusty/esm

DNE

upstream

released

4.5~rc1
vivid

DNE

vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

wily

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was released [3.16.0-59.79~14.04.1]]
precise

DNE

trusty

released

3.16.0-59.79~14.04.1
trusty/esm

DNE

trusty was released [3.16.0-59.79~14.04.1]
upstream

released

4.5~rc1
vivid

DNE

vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

wily

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was released [3.19.0-47.53~14.04.1]]
precise

DNE

trusty

released

3.19.0-47.53~14.04.1
trusty/esm

DNE

trusty was released [3.19.0-47.53~14.04.1]
upstream

released

4.5~rc1
vivid

DNE

vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

wily

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was released [4.2.0-25.30~14.04.1]]
precise

DNE

trusty

released

4.2.0-25.30~14.04.1
trusty/esm

DNE

trusty was released [4.2.0-25.30~14.04.1]
upstream

released

4.5~rc1
vivid

DNE

vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

wily

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-infra-legacy/trusty

not-affected

4.4.0-13.29~14.04.1
precise

DNE

trusty

not-affected

4.4.0-13.29~14.04.1
trusty/esm

not-affected

4.4.0-13.29~14.04.1
upstream

released

4.5~rc1
vivid

DNE

vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

wily

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was ignored]
precise

DNE

trusty

ignored

trusty/esm

DNE

trusty was ignored
upstream

released

4.5~rc1
vivid

DNE

vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

wily

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

not-affected

esm-apps/xenial

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was ignored]
precise

DNE

trusty

ignored

trusty/esm

DNE

trusty was ignored
upstream

released

4.5~rc1
vivid

not-affected

vivid/stable-phone-overlay

not-affected

vivid/ubuntu-core

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was ignored]
precise

DNE

trusty

ignored

trusty/esm

DNE

trusty was ignored
upstream

released

4.5~rc1
vivid

not-affected

vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

wily

not-affected

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-infra-legacy/trusty

DNE

precise

ignored

end of life
trusty

DNE

trusty/esm

DNE

upstream

released

4.5~rc1
vivid

DNE

vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

wily

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

not-affected

4.8.0-1013.15
esm-infra-legacy/trusty

DNE

precise

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

4.5~rc1
vivid

DNE

vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

released

4.2.0-1022.29
wily

released

4.2.0-1020.27

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

not-affected

4.4.0-1029.32
esm-infra-legacy/trusty

DNE

precise

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

4.5~rc1
vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

wily

DNE

xenial

not-affected

4.4.0-1012.12

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-infra-legacy/trusty

DNE

precise

not-affected

trusty

DNE

trusty/esm

DNE

upstream

released

4.5~rc1
vivid

DNE

vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

wily

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Бсылки Π½Π° источники

EPSS

ΠŸΡ€ΠΎΡ†Π΅Π½Ρ‚ΠΈΠ»ΡŒ: 98%
0.5601
Π‘Ρ€Π΅Π΄Π½ΠΈΠΉ

7.2 High

CVSS2

7.8 High

CVSS3

БвязанныС уязвимости

redhat Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2016-0728

redhat
большС 9 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.

nvd Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2016-0728

CVSS3: 7.8
nvd
большС 9 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.

debian Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2016-0728

CVSS3: 7.8
debian
большС 9 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

The join_session_keyring function in security/keys/process_keys.c in t ...

suse-cvrf Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

SUSE-SU-2016:0341-1

suse-cvrf
большС 9 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

Security update for Kernel live patch 10

suse-cvrf Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

SUSE-SU-2016:0205-1

suse-cvrf
большС 9 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

Security update for the Linux Kernel

EPSS

ΠŸΡ€ΠΎΡ†Π΅Π½Ρ‚ΠΈΠ»ΡŒ: 98%
0.5601
Π‘Ρ€Π΅Π΄Π½ΠΈΠΉ

7.2 High

CVSS2

7.8 High

CVSS3

Π£ΡΠ·Π²ΠΈΠΌΠΎΡΡ‚ΡŒ CVE-2016-0728