CVE-2017-9074

Sažetak

The IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls.

Reference

https://patchwork.ozlabs.org/patch/763117/
https://github.com/torvalds/linux/commit/2423496af35d94a87156b063ea5cedffc10a70a1
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2423496af35d94a87156b063ea5cedffc10a70a1
http://www.securityfocus.com/bid/98577
http://www.debian.org/security/2017/dsa-3886
https://access.redhat.com/errata/RHSA-2017:2669
https://access.redhat.com/errata/RHSA-2017:2077
https://access.redhat.com/errata/RHSA-2017:1842
https://access.redhat.com/errata/RHSA-2018:0169
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0

CVSS

Base:	7.2
Impact:	10.0
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

24-02-2023 - 18:40

Objavljeno

19-05-2017 - 07:29