[Forgot Password]
Login  Register Subscribe

23631

 
 

119902

 
 

98250

 
 

909

 
 

79281

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2016-4913

Date: (C)2016-06-02   (M)2017-11-18 


The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem.

CVSS Score: 7.2Access Vector: LOCAL
Exploit Score: 3.9Access Complexity: LOW
Impact Score: 10.0Authentication: NONE
 Confidentiality: COMPLETE
 Integrity: COMPLETE
 Availability: COMPLETE





Reference:
BID-90730
DSA-3607
SUSE-SU-2016:1672
SUSE-SU-2016:1985
USN-3016-1
USN-3016-2
USN-3016-3
USN-3016-4
USN-3017-1
USN-3017-2
USN-3017-3
USN-3018-1
USN-3018-2
USN-3019-1
USN-3020-1
USN-3021-1
USN-3021-2
http://www.openwall.com/lists/oss-security/2016/05/18/3
http://www.openwall.com/lists/oss-security/2016/05/18/5
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=99d825822eade8d827a1817357cbf3f889a552d6
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
https://bugzilla.redhat.com/show_bug.cgi?id=1337528
https://github.com/torvalds/linux/commit/99d825822eade8d827a1817357cbf3f889a552d6

CPE    4
cpe:/o:oracle:linux:6.0
cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~
cpe:/o:canonical:ubuntu_linux:15.10
cpe:/o:canonical:ubuntu_linux:12.04::~~lts~~~
...
CWE    1
CWE-200
OVAL    20
oval:org.secpod.oval:def:35566
oval:org.secpod.oval:def:110595
oval:org.secpod.oval:def:1600406
oval:org.secpod.oval:def:110596
...

© 2013 SecPod Technologies