ID CVE-2017-0553
Summary An elevation of privilege vulnerability in libnl could enable a local malicious application to execute arbitrary code within the context of the Wi-Fi service. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32342065. NOTE: this issue also exists in the upstream libnl before 3.3.0 library.
References
Vulnerable Configurations
  • cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*
    cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*
  • cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*
    cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*
  • cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*
    cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*
  • cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*
    cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*
  • cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*
    cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*
  • cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*
    cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*
  • cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*
    cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*
  • cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:google:android:7.1.0:*:*:*:*:*:*:*
    cpe:2.3:o:google:android:7.1.0:*:*:*:*:*:*:*
  • cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*
    cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*
CVSS
Base: 7.6 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:
CWE CWE-190
CAPEC
  • Forced Integer Overflow
    This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:H/Au:N/C:C/I:C/A:C
redhat via4
advisories
bugzilla
id 1460760
title Virtio-net interface MTU overwritten to 1500 bytes
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 7 is installed
      oval oval:com.redhat.rhba:tst:20150364027
    • OR
      • AND
        • comment libnl3 is earlier than 0:3.2.28-4.el7
          oval oval:com.redhat.rhsa:tst:20172299001
        • comment libnl3 is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20162581006
      • AND
        • comment libnl3-cli is earlier than 0:3.2.28-4.el7
          oval oval:com.redhat.rhsa:tst:20172299003
        • comment libnl3-cli is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20162581008
      • AND
        • comment libnl3-devel is earlier than 0:3.2.28-4.el7
          oval oval:com.redhat.rhsa:tst:20172299005
        • comment libnl3-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20162581010
      • AND
        • comment libnl3-doc is earlier than 0:3.2.28-4.el7
          oval oval:com.redhat.rhsa:tst:20172299007
        • comment libnl3-doc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20162581012
      • AND
        • comment NetworkManager-libreswan is earlier than 0:1.2.4-2.el7
          oval oval:com.redhat.rhsa:tst:20172299009
        • comment NetworkManager-libreswan is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152315020
      • AND
        • comment NetworkManager-libreswan-gnome is earlier than 0:1.2.4-2.el7
          oval oval:com.redhat.rhsa:tst:20172299011
        • comment NetworkManager-libreswan-gnome is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152315022
      • AND
        • comment libnm-gtk is earlier than 0:1.8.0-3.el7
          oval oval:com.redhat.rhsa:tst:20172299013
        • comment libnm-gtk is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152315012
      • AND
        • comment libnm-gtk-devel is earlier than 0:1.8.0-3.el7
          oval oval:com.redhat.rhsa:tst:20172299015
        • comment libnm-gtk-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152315014
      • AND
        • comment libnma is earlier than 0:1.8.0-3.el7
          oval oval:com.redhat.rhsa:tst:20172299017
        • comment libnma is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20162581018
      • AND
        • comment libnma-devel is earlier than 0:1.8.0-3.el7
          oval oval:com.redhat.rhsa:tst:20172299019
        • comment libnma-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20162581020
      • AND
        • comment network-manager-applet is earlier than 0:1.8.0-3.el7
          oval oval:com.redhat.rhsa:tst:20172299021
        • comment network-manager-applet is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152315016
      • AND
        • comment nm-connection-editor is earlier than 0:1.8.0-3.el7
          oval oval:com.redhat.rhsa:tst:20172299023
        • comment nm-connection-editor is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152315018
      • AND
        • comment NetworkManager is earlier than 1:1.8.0-9.el7
          oval oval:com.redhat.rhsa:tst:20172299025
        • comment NetworkManager is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110930002
      • AND
        • comment NetworkManager-adsl is earlier than 1:1.8.0-9.el7
          oval oval:com.redhat.rhsa:tst:20172299027
        • comment NetworkManager-adsl is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152315026
      • AND
        • comment NetworkManager-bluetooth is earlier than 1:1.8.0-9.el7
          oval oval:com.redhat.rhsa:tst:20172299029
        • comment NetworkManager-bluetooth is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152315028
      • AND
        • comment NetworkManager-config-server is earlier than 1:1.8.0-9.el7
          oval oval:com.redhat.rhsa:tst:20172299031
        • comment NetworkManager-config-server is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152315032
      • AND
        • comment NetworkManager-dispatcher-routing-rules is earlier than 1:1.8.0-9.el7
          oval oval:com.redhat.rhsa:tst:20172299033
        • comment NetworkManager-dispatcher-routing-rules is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20162581034
      • AND
        • comment NetworkManager-glib is earlier than 1:1.8.0-9.el7
          oval oval:com.redhat.rhsa:tst:20172299035
        • comment NetworkManager-glib is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110930006
      • AND
        • comment NetworkManager-glib-devel is earlier than 1:1.8.0-9.el7
          oval oval:com.redhat.rhsa:tst:20172299037
        • comment NetworkManager-glib-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110930008
      • AND
        • comment NetworkManager-libnm is earlier than 1:1.8.0-9.el7
          oval oval:com.redhat.rhsa:tst:20172299039
        • comment NetworkManager-libnm is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152315040
      • AND
        • comment NetworkManager-libnm-devel is earlier than 1:1.8.0-9.el7
          oval oval:com.redhat.rhsa:tst:20172299041
        • comment NetworkManager-libnm-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152315042
      • AND
        • comment NetworkManager-ppp is earlier than 1:1.8.0-9.el7
          oval oval:com.redhat.rhsa:tst:20172299043
        • comment NetworkManager-ppp is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20172299044
      • AND
        • comment NetworkManager-team is earlier than 1:1.8.0-9.el7
          oval oval:com.redhat.rhsa:tst:20172299045
        • comment NetworkManager-team is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152315044
      • AND
        • comment NetworkManager-tui is earlier than 1:1.8.0-9.el7
          oval oval:com.redhat.rhsa:tst:20172299047
        • comment NetworkManager-tui is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152315046
      • AND
        • comment NetworkManager-wifi is earlier than 1:1.8.0-9.el7
          oval oval:com.redhat.rhsa:tst:20172299049
        • comment NetworkManager-wifi is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152315048
      • AND
        • comment NetworkManager-wwan is earlier than 1:1.8.0-9.el7
          oval oval:com.redhat.rhsa:tst:20172299051
        • comment NetworkManager-wwan is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152315050
rhsa
id RHSA-2017:2299
released 2017-08-01
severity Moderate
title RHSA-2017:2299: NetworkManager and libnl3 security, bug fix and enhancement update (Moderate)
rpms
  • NetworkManager-1:1.8.0-9.el7
  • NetworkManager-adsl-1:1.8.0-9.el7
  • NetworkManager-bluetooth-1:1.8.0-9.el7
  • NetworkManager-config-server-1:1.8.0-9.el7
  • NetworkManager-debuginfo-1:1.8.0-9.el7
  • NetworkManager-dispatcher-routing-rules-1:1.8.0-9.el7
  • NetworkManager-glib-1:1.8.0-9.el7
  • NetworkManager-glib-devel-1:1.8.0-9.el7
  • NetworkManager-libnm-1:1.8.0-9.el7
  • NetworkManager-libnm-devel-1:1.8.0-9.el7
  • NetworkManager-libreswan-0:1.2.4-2.el7
  • NetworkManager-libreswan-debuginfo-0:1.2.4-2.el7
  • NetworkManager-libreswan-gnome-0:1.2.4-2.el7
  • NetworkManager-ppp-1:1.8.0-9.el7
  • NetworkManager-team-1:1.8.0-9.el7
  • NetworkManager-tui-1:1.8.0-9.el7
  • NetworkManager-wifi-1:1.8.0-9.el7
  • NetworkManager-wwan-1:1.8.0-9.el7
  • libnl3-0:3.2.28-4.el7
  • libnl3-cli-0:3.2.28-4.el7
  • libnl3-debuginfo-0:3.2.28-4.el7
  • libnl3-devel-0:3.2.28-4.el7
  • libnl3-doc-0:3.2.28-4.el7
  • libnm-gtk-0:1.8.0-3.el7
  • libnm-gtk-devel-0:1.8.0-3.el7
  • libnma-0:1.8.0-3.el7
  • libnma-devel-0:1.8.0-3.el7
  • network-manager-applet-0:1.8.0-3.el7
  • network-manager-applet-debuginfo-0:1.8.0-3.el7
  • nm-connection-editor-0:1.8.0-3.el7
refmap via4
bid 97340
confirm
fedora
  • FEDORA-2017-34f6e70fdd
  • FEDORA-2017-7a5363b41d
mlist [libnl] 20170503 ANN: libnl 3.3.0 released
sectrack 1038201
ubuntu
  • USN-3311-1
  • USN-3311-2
Last major update 03-10-2019 - 00:03
Published 07-04-2017 - 22:59
Last modified 03-10-2019 - 00:03
Back to Top