[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247621

 
 

909

 
 

194512

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2015-3636Date: (C)2015-08-07   (M)2024-04-15


The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP or IPPROTO_ICMPV6 protocol, and then making a connect system call after a disconnect.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.9
Exploit Score: 3.9
Impact Score: 6.9
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: COMPLETE
  
Reference:
SECTRACK-1033186
BID-74450
DSA-3290
FEDORA-2015-7736
FEDORA-2015-7784
FEDORA-2015-8518
RHSA-2015:1221
RHSA-2015:1534
RHSA-2015:1564
RHSA-2015:1583
RHSA-2015:1643
SUSE-SU-2015:1224
SUSE-SU-2015:1478
SUSE-SU-2015:1487
SUSE-SU-2015:1488
SUSE-SU-2015:1489
SUSE-SU-2015:1491
USN-2631-1
USN-2632-1
USN-2633-1
USN-2634-1
http://www.openwall.com/lists/oss-security/2015/05/02/5
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a134f083e79fb4c3d0a925691e732c56911b4326
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.3
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
https://bugzilla.redhat.com/show_bug.cgi?id=1218074
https://github.com/torvalds/linux/commit/a134f083e79fb4c3d0a925691e732c56911b4326
openSUSE-SU-2015:1382

CPE    3
cpe:/o:debian:debian_linux:7.0
cpe:/o:linux:linux_kernel
cpe:/o:canonical:ubuntu_linux:12.04::~~lts~~~
OVAL    31
oval:org.secpod.oval:def:1501070
oval:org.secpod.oval:def:203674
oval:org.secpod.oval:def:501595
oval:org.secpod.oval:def:602150
...

© SecPod Technologies