CVE-2015-1350

Sažetak

The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program.

Reference

https://bugzilla.redhat.com/show_bug.cgi?id=1185139
http://www.openwall.com/lists/oss-security/2015/01/24/5
http://marc.info/?l=linux-kernel&m=142153722930533&w=2
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770492
http://www.securityfocus.com/bid/76075

CVSS

Base:	2.1
Impact:	2.9
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	PARTIAL

CVSS vektor

AV:L/AC:L/Au:N/C:N/I:N/A:P

Zadnje važnije ažuriranje

15-07-2021 - 19:16

Objavljeno

02-05-2016 - 10:59