5.5

CVE-2015-1350

Exploit

EPSS 0.07%
Veröffentlicht 02.05.2016 10:59:07
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 3.0 <= 3.19.8

Redhat ≫ Enterprise Linux Version5.0

Redhat ≫ Enterprise Linux Version6.0

Redhat ≫ Enterprise Linux Version7.0

Redhat ≫ Enterprise Mrg Version2.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.201

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:N/I:N/A:P

CWE-552 Files or Directories Accessible to External Parties

The product makes files or directories accessible to unauthorized actors, even though they should not be.

http://marc.info/?l=linux-kernel&m=142153722930533&w=2

Patch

Third Party Advisory

Mailing List

http://www.openwall.com/lists/oss-security/2015/01/24/5

Third Party Advisory

Mailing List

http://www.securityfocus.com/bid/76075

Third Party Advisory

VDB Entry

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770492

Third Party Advisory

Exploit

Mailing List

https://bugzilla.redhat.com/show_bug.cgi?id=1185139

Patch

Third Party Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2015-1350

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-1350

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-1350

EUVD