[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

ALAS-2014-417 ---- kernel perf

ID: oval:org.secpod.oval:def:1600152Date: (C)2016-01-19   (M)2024-03-20
Class: PATCHFamily: unix




fs/namespace.c in the Linux kernel through 3.16.1 does not properly restrict clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing MNT_ATIME_MASK during a remount of a bind mount, which allows local users to gain privileges, interfere with backups and auditing on systems that had atime enabled, or cause a denial of service on systems that had atime disabled via a "mount -o remount" command within a user namespace. The do_remount function in fs/namespace.c in the Linux kernel through 3.16.1 does not maintain the MNT_LOCK_READONLY bit across a remount of a bind mount, which allows local users to bypass an intended read-only restriction and defeat certain sandbox protection mechanisms via a "mount -o remount" command within a user namespace.

Platform:
Amazon Linux AMI
Product:
kernel
perf
Reference:
ALAS-2014-417
CVE-2014-5207
CVE-2014-5206
CVE    2
CVE-2014-5207
CVE-2014-5206
CPE    392
cpe:/o:linux:linux_kernel:3.4.71
cpe:/o:linux:linux_kernel:3.4.70
cpe:/o:linux:linux_kernel:3.6.10
cpe:/o:linux:linux_kernel:3.6.11
...

© SecPod Technologies