Category:   OS (Linux)  >   Linux Kernel
Vendors:   kernel.org
Linux Kernel setsockopt() Bugs Let Local Users Deny Service and Gain Elevated Privileges
SecurityTracker Alert ID:  1036171
SecurityTracker URL:  http://securitytracker.com/id/1036171
CVE Reference:   CVE-2016-4997, CVE-2016-4998
Date:  Jun 24 2016
Impact:   Denial of service via local system, Execution of arbitrary code via local system, Root access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   Several vulnerabilities were reported in the Linux kernel. A local user can cause denial of service conditions on the target system. A local user can obtain elevated privileges on the target system.

A local user can trigger a memory corruption error in the IPT_SO_SET_REPLACE compat_setsockopt() function to execute arbitrary code with kernel-level privileges [CVE-2016-4997].

A local user can issue a specially crafted IPT_SO_SET_REPLACE setsockopt() call to trigger an out-of-bounds memory access error and cause the target system to crash [CVE-2016-4998].

Jesse Hertz and Tim Newsham reported these vulnerabilities.

Impact:   A local user can cause the target system to crash.

A local user can obtain elevated privileges on the target system.

Solution:   The vendor has issued a fix (3.14.73, 4.4.14, 4.6.3).
Vendor URL:  www.kernel.org/
Cause:   Access control error

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jun 28 2016 (Ubuntu Issues Fix) Linux Kernel setsockopt() Bugs Let Local Users Deny Service and Gain Elevated Privileges
Ubuntu has issued a fix for Ubuntu Linux 16.04 LTS.
Jun 28 2016 (Ubuntu Issues Fix) Linux Kernel setsockopt() Bugs Let Local Users Deny Service and Gain Elevated Privileges
Ubuntu has issued a fix for Ubuntu Linux 15.10.
Jun 28 2016 (Ubuntu Issues Fix) Linux Kernel setsockopt() Bugs Let Local Users Deny Service and Gain Elevated Privileges
Ubuntu has issued a fix for Ubuntu Linux 14.04 LTS.
Sep 12 2016 (Google Issues Fix for Google Android) Linux Kernel setsockopt() Bugs Let Local Users Deny Service and Gain Elevated Privileges
Google has issued a fix for Google Android.
Sep 15 2016 (Oracle Issues Fix for Oracle Linux) Linux Kernel setsockopt() Bugs Let Local Users Deny Service and Gain Elevated Privileges
Oracle has issued a fix for Oracle Linux 7.
Jan 11 2017 (Red Hat Issues Fix) Linux Kernel setsockopt() Bugs Let Local Users Deny Service and Gain Elevated Privileges
Red Hat has issued a fix for Red Hat Enterprise Linux 6.
Jan 11 2017 (Oracle Issues Fix for Oracle Linux) Linux Kernel setsockopt() Bugs Let Local Users Deny Service and Gain Elevated Privileges
Oracle has issued a fix for Oracle Linux 6.
Jun 22 2017 (Ubuntu Issues Fix) Linux Kernel setsockopt() Bugs Let Local Users Deny Service and Gain Elevated Privileges
Ubuntu has issued a fix for Ubuntu Linux 12.04 ESM.


