CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS2: 10 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 0.905 High
Percentile: 98.5%
CentOS system maintenance engineer Johnny Hughes today released a security bulletin asking everyone currently running the CentOS 7 series to deploy an important kernel security update as soon as possible. According to the upstream security bulletin published by Red Hat, the kernel update fixes five security vulnerabilities in total, along with many other bugs.
This kernel update fixes two remote code execution vulnerabilities, CVE-2017-7477 and CVE-2017-7645. The former occurs when a scatter-gather list is built from the fragment list (skb_shinfo(skb)->frag_list) of a socket buffer (sk_buff) and heap memory is allocated for it, allowing an attacker to elevate privileges. The latter affects NFS2/3 RPC: a client that sends long data to the NFS server allows a remote attacker to crash the kernel.
CVE-2017-7895 fixes a security vulnerability found in the NFSv2 and NFSv3 server implementations, CVE-2017-2583 fixes a vulnerability in the Kernel-based Virtual Machine (CONFIG_KVM), and CVE-2017-6214 fixes a security vulnerability in the way the Linux kernel processes the URG flag.
CentOS users need to deploy the kernel-3.10.0-514.26.1.el7 kernel update as soon as possible. The vulnerabilities have been confirmed in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux Workstation 7, Red Hat Enterprise Linux Server 7, Red Hat Enterprise Linux HPC Node 7 and Red Hat Enterprise Linux Server TUS 7.3.
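One way to check a host against the fixed build named above, as an added example that is not part of the original bulletin. The function names are hypothetical, and the script assumes the stock CentOS/RHEL 7 kernel and GNU `sort -V`.

```shell
#!/bin/sh
# Added example: compare a kernel release string against the fixed build
# kernel-3.10.0-514.26.1.el7 named in the bulletin.
FIXED="3.10.0-514.26.1"

# Reduce "kernel-3.10.0-514.21.2.el7.x86_64" or "3.10.0-514.21.2.el7.x86_64"
# to the bare version-release "3.10.0-514.21.2".
strip_release() {
    _v=${1#kernel-}
    printf '%s\n' "${_v%%.el7*}"
}

# Exit status: 0 = at or above the fixed build, 1 = older, 2 = not an el7 kernel.
kernel_is_patched() {
    case "$1" in
        *.el7*) ;;
        *) return 2 ;;
    esac
    _have=$(strip_release "$1")
    # Version sort, not string sort: 514.6.1 must rank below 514.26.1.
    _lowest=$(printf '%s\n%s\n' "$_have" "$FIXED" | sort -V | head -n 1)
    [ "$_lowest" = "$FIXED" ]
}

# Print a verdict for one release string; always returns 0.
report() {
    _rc=0
    kernel_is_patched "$1" || _rc=$?
    case "$_rc" in
        0) echo "$1: at or above $FIXED.el7" ;;
        1) echo "$1: older than $FIXED.el7, update and reboot" ;;
        *) echo "$1: not an el7 kernel, check skipped" ;;
    esac
}

# uname -r is the RUNNING kernel. An installed update only takes effect
# after a reboot, so check this value rather than the package list alone.
report "$(uname -r)"

# Constructed sample strings, for comparison:
report "3.10.0-514.6.1.el7.x86_64"
report "kernel-3.10.0-514.26.1.el7.x86_64"
```

Feeding the output of `rpm -q kernel` through `report` line by line shows which installed builds are fixed; a host is only protected once `uname -r` itself passes.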