6.2

CVE-2014-5045

Exploit
The mountpoint_last function in fs/namei.c in the Linux kernel before 3.15.8 does not properly maintain a certain reference count during attempts to use the umount system call in conjunction with a symlink, which allows local users to cause a denial of service (memory consumption or use-after-free) or possibly have unspecified other impact via the umount program.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 3.15.8
RedhatEnterprise Linux Eus Version6.5
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.49% 0.38
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.2 1.9 10
AV:L/AC:H/Au:N/C:C/I:C/A:C
CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

http://rhn.redhat.com/errata/RHSA-2015-0062.html
Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.8
Patch
Third Party Advisory
Vendor Advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=295dc39d941dc2ae53d5c170365af4c9d5c16212
http://secunia.com/advisories/60353
Third Party Advisory
http://www.openwall.com/lists/oss-security/2014/07/24/2
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/68862
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1122472
Third Party Advisory
Issue Tracking
https://github.com/torvalds/linux/commit/295dc39d941dc2ae53d5c170365af4c9d5c16212
Patch
Third Party Advisory
Exploit