logo
DATABASE RESOURCES PRICING ABOUT US

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3596)

Description

The remote Oracle Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2017-3596 advisory. - The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. (CVE-2016-7097) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.


Related