Lucene search

K
amazonAmazonALAS-2017-876
HistoryAug 30, 2017 - 11:38 p.m.

Medium: libnl3

2017-08-3023:38:00
alas.aws.amazon.com
21
libnl3
heap-buffer overflow
integer overflow
cve-2017-0553
red hat
mitre
update
system
amazon linux

CVSS2

7.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

CVSS3

7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

0.002

Percentile

58.7%

Issue Overview:

Integer overflow in nlmsg_reserve():
An integer overflow leading to a heap-buffer overflow was found in the libnl library. An attacker could use this flaw to cause an application compiled with libnl to crash or possibly execute arbitrary code in the context of the user running such an application. (CVE-2017-0553)

Affected Packages:

libnl3

Issue Correction:
Run yum update libnl3 to update your system.

New Packages:

i686:  
    libnl3-doc-3.2.28-4.6.amzn1.i686  
    libnl3-cli-3.2.28-4.6.amzn1.i686  
    libnl3-debuginfo-3.2.28-4.6.amzn1.i686  
    libnl3-devel-3.2.28-4.6.amzn1.i686  
    libnl3-3.2.28-4.6.amzn1.i686  
  
src:  
    libnl3-3.2.28-4.6.amzn1.src  
  
x86_64:  
    libnl3-debuginfo-3.2.28-4.6.amzn1.x86_64  
    libnl3-3.2.28-4.6.amzn1.x86_64  
    libnl3-cli-3.2.28-4.6.amzn1.x86_64  
    libnl3-doc-3.2.28-4.6.amzn1.x86_64  
    libnl3-devel-3.2.28-4.6.amzn1.x86_64  

Additional References

Red Hat: CVE-2017-0553

Mitre: CVE-2017-0553

CVSS2

7.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

CVSS3

7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

0.002

Percentile

58.7%