Lucene search

[email protected]CVE-2016-3134

HistoryApr 27, 2016 - 5:59 p.m.

CVE-2016-3134

2016-04-2717:59:22

CWE-119

[email protected]

web.nvd.nist.gov

153

linux

kernel

netfilter

cve-2016-3134

local users

privileges

denial of service

heap memory corruption

nvd

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

8.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.1

Confidence

High

EPSS

0.002

Percentile

53.2%

JSON

The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.

Affected configurations

NVD

Node

novellsuse_linux_enterprise_software_development_kitMatch11.0sp4

novellsuse_linux_enterprise_software_development_kitMatch12.0

novellsuse_linux_enterprise_software_development_kitMatch12.0sp1

novellsuse_linux_enterprise_debuginfoMatch11.0sp4

novellsuse_linux_enterprise_desktopMatch12.0

novellsuse_linux_enterprise_desktopMatch12.0sp1

novellsuse_linux_enterprise_live_patchingMatch12.0

novellsuse_linux_enterprise_module_for_public_cloudMatch12.0

novellsuse_linux_enterprise_real_time_extensionMatch12.0sp1

novellsuse_linux_enterprise_serverMatch11.0extra

novellsuse_linux_enterprise_serverMatch11.0sp4

novellsuse_linux_enterprise_serverMatch12.0

novellsuse_linux_enterprise_serverMatch12.0sp1

novellsuse_linux_enterprise_workstation_extensionMatch12.0

novellsuse_linux_enterprise_workstation_extensionMatch12.0sp1

Node

linuxlinux_kernelRange≤4.5.2

VendorProductVersionCPE
novellsuse_linux_enterprise_server12.0cpe:/o:novell:suse_linux_enterprise_server:12.0:sp1::
novellsuse_linux_enterprise_desktop12.0cpe:/o:novell:suse_linux_enterprise_desktop:12.0:sp1::
novellsuse_linux_enterprise_live_patching12.0cpe:/o:novell:suse_linux_enterprise_live_patching:12.0:::
novellsuse_linux_enterprise_software_development_kit12.0cpe:/a:novell:suse_linux_enterprise_software_development_kit:12.0:sp1::
novellsuse_linux_enterprise_software_development_kit12.0cpe:/a:novell:suse_linux_enterprise_software_development_kit:12.0:::
novellsuse_linux_enterprise_server11.0cpe:/o:novell:suse_linux_enterprise_server:11.0:extra::
novellsuse_linux_enterprise_server12.0cpe:/o:novell:suse_linux_enterprise_server:12.0:::
novellsuse_linux_enterprise_workstation_extension12.0cpe:/o:novell:suse_linux_enterprise_workstation_extension:12.0:::
novellsuse_linux_enterprise_debuginfo11.0cpe:/o:novell:suse_linux_enterprise_debuginfo:11.0:sp4::
novellsuse_linux_enterprise_module_for_public_cloud12.0cpe:/o:novell:suse_linux_enterprise_module_for_public_cloud:12.0:::

Vendor	Product	Version	CPE
novell	suse_linux_enterprise_server	12.0	cpe:/o:novell:suse_linux_enterprise_server:12.0:sp1::
novell	suse_linux_enterprise_desktop	12.0	cpe:/o:novell:suse_linux_enterprise_desktop:12.0:sp1::
novell	suse_linux_enterprise_live_patching	12.0	cpe:/o:novell:suse_linux_enterprise_live_patching:12.0:::
novell	suse_linux_enterprise_software_development_kit	12.0	cpe:/a:novell:suse_linux_enterprise_software_development_kit:12.0:sp1::
novell	suse_linux_enterprise_software_development_kit	12.0	cpe:/a:novell:suse_linux_enterprise_software_development_kit:12.0:::
novell	suse_linux_enterprise_server	11.0	cpe:/o:novell:suse_linux_enterprise_server:11.0:extra::
novell	suse_linux_enterprise_server	12.0	cpe:/o:novell:suse_linux_enterprise_server:12.0:::
novell	suse_linux_enterprise_workstation_extension	12.0	cpe:/o:novell:suse_linux_enterprise_workstation_extension:12.0:::
novell	suse_linux_enterprise_debuginfo	11.0	cpe:/o:novell:suse_linux_enterprise_debuginfo:11.0:sp4::
novell	suse_linux_enterprise_module_for_public_cloud	12.0	cpe:/o:novell:suse_linux_enterprise_module_for_public_cloud:12.0:::

Rows per page:

1-10 of 151

References

git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54d83fc74aa9ec72794373cb47432c5f7fb1a309

lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html

lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html

lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html

lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html

lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html

rhn.redhat.com/errata/RHSA-2016-1847.html

rhn.redhat.com/errata/RHSA-2016-1875.html

rhn.redhat.com/errata/RHSA-2016-1883.html

www.debian.org/security/2016/dsa-3607

www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html

www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html

www.securityfocus.com/bid/84305

www.securitytracker.com/id/1036763

www.ubuntu.com/usn/USN-2929-1

www.ubuntu.com/usn/USN-2929-2

www.ubuntu.com/usn/USN-2930-1

www.ubuntu.com/usn/USN-2930-2

www.ubuntu.com/usn/USN-2930-3

www.ubuntu.com/usn/USN-2931-1

www.ubuntu.com/usn/USN-2932-1

www.ubuntu.com/usn/USN-3049-1

www.ubuntu.com/usn/USN-3050-1

bugzilla.redhat.com/show_bug.cgi?id=1317383

code.google.com/p/google-security-research/issues/detail?id=758

github.com/torvalds/linux/commit/54d83fc74aa9ec72794373cb47432c5f7fb1a309

Social References

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

8.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.1

Confidence

High

EPSS

0.002

Percentile

53.2%

JSON

Related for CVE-2016-3134

cvelist1 ibm2 android1 debiancve1 ubuntucve1 prion1 veracode1 nvd1 oraclelinux4 nessus50 zdt1 openvas37 fedora3 redhat3 ubuntu9 centos1 amazon1 suse23 cloudfoundry1 debian3 osv2 androidsecurity1