5.5

CVE-2015-1350

Exploit

EPSS 0.03%
Published 02.05.2016 10:59:07
Last modified 12.04.2025 10:46:40
Source cve@mitre.org
Teams watchlist Login
Open Login

The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program.

Affected products Warnungen 0 Metrics 3 CWE 1 References 8

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 3.0 <= 3.19.8

Redhat ≫ Enterprise Linux Version5.0

Redhat ≫ Enterprise Linux Version6.0

Redhat ≫ Enterprise Linux Version7.0

Redhat ≫ Enterprise Mrg Version2.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.059

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:N/I:N/A:P

CWE-552 Files or Directories Accessible to External Parties

The product makes files or directories accessible to unauthorized actors, even though they should not be.

http://marc.info/?l=linux-kernel&m=142153722930533&w=2

Patch

Third Party Advisory

Mailing List

http://www.openwall.com/lists/oss-security/2015/01/24/5

Third Party Advisory

Mailing List

http://www.securityfocus.com/bid/76075

Third Party Advisory

VDB Entry

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770492

Third Party Advisory

Exploit

Mailing List

https://bugzilla.redhat.com/show_bug.cgi?id=1185139

Patch

Third Party Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2015-1350

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-1350

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-1350

EUVD