ID CVE-2017-0553
Summary An elevation of privilege vulnerability in libnl could enable a local malicious application to execute arbitrary code within the context of the Wi-Fi service. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32342065. NOTE: this issue also exists in the upstream libnl before 3.3.0 library.
References
Vulnerable Configurations
  • cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*
    cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*
  • cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*
    cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*
  • cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*
    cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*
  • cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*
    cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*
  • cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*
    cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*
  • cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*
    cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*
  • cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*
    cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*
  • cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:google:android:7.1.0:*:*:*:*:*:*:*
    cpe:2.3:o:google:android:7.1.0:*:*:*:*:*:*:*
  • cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*
    cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*
CVSS
Base: 7.6 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:
CWE CWE-190
CAPEC
  • Forced Integer Overflow
    This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
assigner via4 cve@mitre.org
cvss-vector via4 AV:N/AC:H/Au:N/C:C/I:C/A:C
redhat via4
advisories
bugzilla
id 1460760
title Virtio-net interface MTU overwritten to 1500 bytes
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 7 Client is installed
      oval oval:com.redhat.rhba:tst:20150364001
    • comment Red Hat Enterprise Linux 7 Server is installed
      oval oval:com.redhat.rhba:tst:20150364002
    • comment Red Hat Enterprise Linux 7 Workstation is installed
      oval oval:com.redhat.rhba:tst:20150364003
    • comment Red Hat Enterprise Linux 7 ComputeNode is installed
      oval oval:com.redhat.rhba:tst:20150364004
  • OR
    • AND
      • comment libnl3 is earlier than 0:3.2.28-4.el7
        oval oval:com.redhat.rhsa:tst:20172299011
      • comment libnl3 is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20162581012
    • AND
      • comment libnl3-cli is earlier than 0:3.2.28-4.el7
        oval oval:com.redhat.rhsa:tst:20172299009
      • comment libnl3-cli is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20162581014
    • AND
      • comment libnl3-devel is earlier than 0:3.2.28-4.el7
        oval oval:com.redhat.rhsa:tst:20172299007
      • comment libnl3-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20162581016
    • AND
      • comment libnl3-doc is earlier than 0:3.2.28-4.el7
        oval oval:com.redhat.rhsa:tst:20172299005
      • comment libnl3-doc is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20162581010
    • AND
      • comment NetworkManager-libreswan is earlier than 0:1.2.4-2.el7
        oval oval:com.redhat.rhsa:tst:20172299013
      • comment NetworkManager-libreswan is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20152315026
    • AND
      • comment NetworkManager-libreswan-gnome is earlier than 0:1.2.4-2.el7
        oval oval:com.redhat.rhsa:tst:20172299015
      • comment NetworkManager-libreswan-gnome is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20152315024
    • AND
      • comment libnm-gtk is earlier than 0:1.8.0-3.el7
        oval oval:com.redhat.rhsa:tst:20172299027
      • comment libnm-gtk is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20152315020
    • AND
      • comment libnm-gtk-devel is earlier than 0:1.8.0-3.el7
        oval oval:com.redhat.rhsa:tst:20172299025
      • comment libnm-gtk-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20152315018
    • AND
      • comment libnma is earlier than 0:1.8.0-3.el7
        oval oval:com.redhat.rhsa:tst:20172299017
      • comment libnma is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20162581018
    • AND
      • comment libnma-devel is earlier than 0:1.8.0-3.el7
        oval oval:com.redhat.rhsa:tst:20172299019
      • comment libnma-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20162581028
    • AND
      • comment network-manager-applet is earlier than 0:1.8.0-3.el7
        oval oval:com.redhat.rhsa:tst:20172299021
      • comment network-manager-applet is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20152315022
    • AND
      • comment nm-connection-editor is earlier than 0:1.8.0-3.el7
        oval oval:com.redhat.rhsa:tst:20172299023
      • comment nm-connection-editor is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20152315016
    • AND
      • comment NetworkManager is earlier than 1:1.8.0-9.el7
        oval oval:com.redhat.rhsa:tst:20172299033
      • comment NetworkManager is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110930006
    • AND
      • comment NetworkManager-adsl is earlier than 1:1.8.0-9.el7
        oval oval:com.redhat.rhsa:tst:20172299043
      • comment NetworkManager-adsl is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20152315030
    • AND
      • comment NetworkManager-bluetooth is earlier than 1:1.8.0-9.el7
        oval oval:com.redhat.rhsa:tst:20172299045
      • comment NetworkManager-bluetooth is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20152315052
    • AND
      • comment NetworkManager-config-server is earlier than 1:1.8.0-9.el7
        oval oval:com.redhat.rhsa:tst:20172299055
      • comment NetworkManager-config-server is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20152315048
    • AND
      • comment NetworkManager-dispatcher-routing-rules is earlier than 1:1.8.0-9.el7
        oval oval:com.redhat.rhsa:tst:20172299053
      • comment NetworkManager-dispatcher-routing-rules is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20162581054
    • AND
      • comment NetworkManager-glib is earlier than 1:1.8.0-9.el7
        oval oval:com.redhat.rhsa:tst:20172299037
      • comment NetworkManager-glib is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110930010
    • AND
      • comment NetworkManager-glib-devel is earlier than 1:1.8.0-9.el7
        oval oval:com.redhat.rhsa:tst:20172299041
      • comment NetworkManager-glib-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110930012
    • AND
      • comment NetworkManager-libnm is earlier than 1:1.8.0-9.el7
        oval oval:com.redhat.rhsa:tst:20172299051
      • comment NetworkManager-libnm is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20152315040
    • AND
      • comment NetworkManager-libnm-devel is earlier than 1:1.8.0-9.el7
        oval oval:com.redhat.rhsa:tst:20172299031
      • comment NetworkManager-libnm-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20152315028
    • AND
      • comment NetworkManager-ppp is earlier than 1:1.8.0-9.el7
        oval oval:com.redhat.rhsa:tst:20172299039
      • comment NetworkManager-ppp is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20172299040
    • AND
      • comment NetworkManager-team is earlier than 1:1.8.0-9.el7
        oval oval:com.redhat.rhsa:tst:20172299049
      • comment NetworkManager-team is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20152315046
    • AND
      • comment NetworkManager-tui is earlier than 1:1.8.0-9.el7
        oval oval:com.redhat.rhsa:tst:20172299029
      • comment NetworkManager-tui is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20152315044
    • AND
      • comment NetworkManager-wifi is earlier than 1:1.8.0-9.el7
        oval oval:com.redhat.rhsa:tst:20172299047
      • comment NetworkManager-wifi is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20152315042
    • AND
      • comment NetworkManager-wwan is earlier than 1:1.8.0-9.el7
        oval oval:com.redhat.rhsa:tst:20172299035
      • comment NetworkManager-wwan is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20152315034
rhsa
id RHSA-2017:2299
released 2017-08-01
severity Moderate
title RHSA-2017:2299: NetworkManager and libnl3 security, bug fix and enhancement update (Moderate)
rpms
  • libnl3-0:3.2.28-4.el7
  • libnl3-cli-0:3.2.28-4.el7
  • libnl3-devel-0:3.2.28-4.el7
  • libnl3-doc-0:3.2.28-4.el7
  • NetworkManager-libreswan-0:1.2.4-2.el7
  • NetworkManager-libreswan-gnome-0:1.2.4-2.el7
  • libnm-gtk-0:1.8.0-3.el7
  • libnm-gtk-devel-0:1.8.0-3.el7
  • libnma-0:1.8.0-3.el7
  • libnma-devel-0:1.8.0-3.el7
  • network-manager-applet-0:1.8.0-3.el7
  • nm-connection-editor-0:1.8.0-3.el7
  • NetworkManager-1:1.8.0-9.el7
  • NetworkManager-adsl-1:1.8.0-9.el7
  • NetworkManager-bluetooth-1:1.8.0-9.el7
  • NetworkManager-config-server-1:1.8.0-9.el7
  • NetworkManager-dispatcher-routing-rules-1:1.8.0-9.el7
  • NetworkManager-glib-1:1.8.0-9.el7
  • NetworkManager-glib-devel-1:1.8.0-9.el7
  • NetworkManager-libnm-1:1.8.0-9.el7
  • NetworkManager-libnm-devel-1:1.8.0-9.el7
  • NetworkManager-ppp-1:1.8.0-9.el7
  • NetworkManager-team-1:1.8.0-9.el7
  • NetworkManager-tui-1:1.8.0-9.el7
  • NetworkManager-wifi-1:1.8.0-9.el7
  • NetworkManager-wwan-1:1.8.0-9.el7
refmap via4
bid 97340
confirm
fedora
  • FEDORA-2017-34f6e70fdd
  • FEDORA-2017-7a5363b41d
mlist [libnl] 20170503 ANN: libnl 3.3.0 released
sectrack 1038201
ubuntu
  • USN-3311-1
  • USN-3311-2
vulnerable_product via4
  • cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*
  • cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*
  • cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*
  • cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*
  • cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*
  • cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*
  • cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*
  • cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:google:android:7.1.0:*:*:*:*:*:*:*
  • cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*
Last major update 03-10-2019 - 00:03
Published 07-04-2017 - 22:59
Back to Top