Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2017-6590 (GCVE-0-2017-6590)
Vulnerability from cvelistv5 – Published: 2017-03-09 19:00 – Updated: 2024-08-05 15:33
VLAI?
EPSS
Summary
An issue was discovered in network-manager-applet (aka network-manager-gnome) in Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS, and 16.10. A local attacker could use this issue at the default Ubuntu login screen to access local files and execute arbitrary commands as the lightdm user. The exploitation requires physical access to the locked computer and the Wi-Fi must be turned on. An access point that lets you use a certificate to login is required as well, but it's easy to create one. Then, it's possible to open a nautilus window and browse directories. One also can open some applications such as Firefox, which is useful for downloading malicious binaries.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://www.ubuntu.com/usn/usn-3217-1/ | x_refsource_CONFIRM |
| https://security.gentoo.org/glsa/201707-09 | vendor-advisoryx_refsource_GENTOO |
| https://bugs.launchpad.net/ubuntu/+source/network… | x_refsource_CONFIRM |
| https://www.youtube.com/watch?v=Fp2lwRVg0l0 | x_refsource_MISC |
| http://www.securitytracker.com/id/1037977 | vdb-entryx_refsource_SECTRACK |
Date Public ?
2017-03-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:33:20.426Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ubuntu.com/usn/usn-3217-1/"
},
{
"name": "GLSA-201707-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201707-09"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/network-manager-applet/+bug/1668321"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.youtube.com/watch?v=Fp2lwRVg0l0"
},
{
"name": "1037977",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037977"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in network-manager-applet (aka network-manager-gnome) in Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS, and 16.10. A local attacker could use this issue at the default Ubuntu login screen to access local files and execute arbitrary commands as the lightdm user. The exploitation requires physical access to the locked computer and the Wi-Fi must be turned on. An access point that lets you use a certificate to login is required as well, but it\u0027s easy to create one. Then, it\u0027s possible to open a nautilus window and browse directories. One also can open some applications such as Firefox, which is useful for downloading malicious binaries."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-14T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ubuntu.com/usn/usn-3217-1/"
},
{
"name": "GLSA-201707-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201707-09"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/network-manager-applet/+bug/1668321"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.youtube.com/watch?v=Fp2lwRVg0l0"
},
{
"name": "1037977",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037977"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6590",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in network-manager-applet (aka network-manager-gnome) in Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS, and 16.10. A local attacker could use this issue at the default Ubuntu login screen to access local files and execute arbitrary commands as the lightdm user. The exploitation requires physical access to the locked computer and the Wi-Fi must be turned on. An access point that lets you use a certificate to login is required as well, but it\u0027s easy to create one. Then, it\u0027s possible to open a nautilus window and browse directories. One also can open some applications such as Firefox, which is useful for downloading malicious binaries."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ubuntu.com/usn/usn-3217-1/",
"refsource": "CONFIRM",
"url": "https://www.ubuntu.com/usn/usn-3217-1/"
},
{
"name": "GLSA-201707-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201707-09"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/network-manager-applet/+bug/1668321",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ubuntu/+source/network-manager-applet/+bug/1668321"
},
{
"name": "https://www.youtube.com/watch?v=Fp2lwRVg0l0",
"refsource": "MISC",
"url": "https://www.youtube.com/watch?v=Fp2lwRVg0l0"
},
{
"name": "1037977",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037977"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6590",
"datePublished": "2017-03-09T19:00:00.000Z",
"dateReserved": "2017-03-09T00:00:00.000Z",
"dateUpdated": "2024-08-05T15:33:20.426Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2017-6590",
"date": "2026-05-19",
"epss": "0.00096",
"percentile": "0.26365"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"B5A6F2F3-4894-4392-8296-3B8DD2679084\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:16.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1AFB20FA-CB00-4729-AB3A-816454C6D096\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"An issue was discovered in network-manager-applet (aka network-manager-gnome) in Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS, and 16.10. A local attacker could use this issue at the default Ubuntu login screen to access local files and execute arbitrary commands as the lightdm user. The exploitation requires physical access to the locked computer and the Wi-Fi must be turned on. An access point that lets you use a certificate to login is required as well, but it\u0027s easy to create one. Then, it\u0027s possible to open a nautilus window and browse directories. One also can open some applications such as Firefox, which is useful for downloading malicious binaries.\"}, {\"lang\": \"es\", \"value\": \"Se ha descubierto un problema en network-manager-applet (tambi\\u00e9n conocido como network-manager-gnome) en Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS y 16.10. Un atacante local podr\\u00eda usar este problema en la pantalla de inicio de sesi\\u00f3n predeterminada de Ubuntu para acceder a archivos locales y ejecutar comandos arbitrarios como el usuario lightdm. La explotaci\\u00f3n requiere de acceso f\\u00edsico al ordenador bloqueado y la conexi\\u00f3n Wi-Fi debe estar activada. Un punto de acceso que permita utilizar un certificado para iniciar sesi\\u00f3n es tambi\\u00e9n necesario, pero es f\\u00e1cil crear uno. Entonces, es posible abrir una ventana de nautilus y explorar directorios. Uno tambi\\u00e9n puede abrir algunas aplicaciones tales como Firefox, que es \\u00fatil para descargar binarios maliciosos.\"}]",
"id": "CVE-2017-6590",
"lastModified": "2024-11-21T03:30:04.540",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 6.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"PHYSICAL\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 0.4, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 6.9, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.4, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2017-03-09T19:59:00.317",
"references": "[{\"url\": \"http://www.securitytracker.com/id/1037977\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://bugs.launchpad.net/ubuntu/+source/network-manager-applet/+bug/1668321\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\", \"Patch\"]}, {\"url\": \"https://security.gentoo.org/glsa/201707-09\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.ubuntu.com/usn/usn-3217-1/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://www.youtube.com/watch?v=Fp2lwRVg0l0\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"http://www.securitytracker.com/id/1037977\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://bugs.launchpad.net/ubuntu/+source/network-manager-applet/+bug/1668321\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\"]}, {\"url\": \"https://security.gentoo.org/glsa/201707-09\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.ubuntu.com/usn/usn-3217-1/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://www.youtube.com/watch?v=Fp2lwRVg0l0\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-863\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2017-6590\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-03-09T19:59:00.317\",\"lastModified\":\"2026-05-13T00:24:29.033\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in network-manager-applet (aka network-manager-gnome) in Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS, and 16.10. A local attacker could use this issue at the default Ubuntu login screen to access local files and execute arbitrary commands as the lightdm user. The exploitation requires physical access to the locked computer and the Wi-Fi must be turned on. An access point that lets you use a certificate to login is required as well, but it\u0027s easy to create one. Then, it\u0027s possible to open a nautilus window and browse directories. One also can open some applications such as Firefox, which is useful for downloading malicious binaries.\"},{\"lang\":\"es\",\"value\":\"Se ha descubierto un problema en network-manager-applet (tambi\u00e9n conocido como network-manager-gnome) en Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS y 16.10. Un atacante local podr\u00eda usar este problema en la pantalla de inicio de sesi\u00f3n predeterminada de Ubuntu para acceder a archivos locales y ejecutar comandos arbitrarios como el usuario lightdm. La explotaci\u00f3n requiere de acceso f\u00edsico al ordenador bloqueado y la conexi\u00f3n Wi-Fi debe estar activada. Un punto de acceso que permita utilizar un certificado para iniciar sesi\u00f3n es tambi\u00e9n necesario, pero es f\u00e1cil crear uno. Entonces, es posible abrir una ventana de nautilus y explorar directorios. Uno tambi\u00e9n puede abrir algunas aplicaciones tales como Firefox, que es \u00fatil para descargar binarios maliciosos.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":6.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"PHYSICAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.4,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":6.9,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.4,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-863\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"B5A6F2F3-4894-4392-8296-3B8DD2679084\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1AFB20FA-CB00-4729-AB3A-816454C6D096\"}]}]}],\"references\":[{\"url\":\"http://www.securitytracker.com/id/1037977\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://bugs.launchpad.net/ubuntu/+source/network-manager-applet/+bug/1668321\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://security.gentoo.org/glsa/201707-09\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.ubuntu.com/usn/usn-3217-1/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.youtube.com/watch?v=Fp2lwRVg0l0\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1037977\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugs.launchpad.net/ubuntu/+source/network-manager-applet/+bug/1668321\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://security.gentoo.org/glsa/201707-09\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.ubuntu.com/usn/usn-3217-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.youtube.com/watch?v=Fp2lwRVg0l0\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}"
}
}
CNVD-2017-03198
Vulnerability from cnvd - Published: 2017-03-22
VLAI Severity ?
Title
Ubuntu存在本地漏洞
Description
Ubuntu是英国科能(Canonical)公司和Ubuntu基金会共同开发的一套以桌面应用为主的GNU/Linux操作系统。
Ubuntu 12.04 LTS,14.04 LTS,16.04 LTS和16.10中的network-manager-applet(又名network-manager-gnome)存在安全漏洞。本地攻击者可以在默认的Ubuntu登录屏幕上使用此漏洞来访问本地文件,并执行任意命令作为lightdm用户。
Severity
中
Patch Name
Ubuntu存在本地漏洞的补丁
Patch Description
Ubuntu是英国科能(Canonical)公司和Ubuntu基金会共同开发的一套以桌面应用为主的GNU/Linux操作系统。
Ubuntu 12.04 LTS,14.04 LTS,16.04 LTS和16.10中的network-manager-applet(又名network-manager-gnome)存在安全漏洞。本地攻击者可以在默认的Ubuntu登录屏幕上使用此漏洞来访问本地文件,并执行任意命令作为lightdm用户。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已经发布了升级补丁以修复此安全问题,详情请关注厂商主页: https://bugs.launchpad.net/ubuntu/+source/network-manager-applet/+bug/1668321
Reference
https://www.ubuntu.com/usn/usn-3217-1/
Impacted products
| Name | ['Ubuntu Ubuntu Linux 16.04 LTS', 'Ubuntu Ubuntu Linux 16.10', 'Ubuntu Ubuntu Linux 14.04 LTS', 'Ubuntu Ubuntu Linux 12.04 LTS'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2017-6590",
"cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6590"
}
},
"description": "Ubuntu\u662f\u82f1\u56fd\u79d1\u80fd\uff08Canonical\uff09\u516c\u53f8\u548cUbuntu\u57fa\u91d1\u4f1a\u5171\u540c\u5f00\u53d1\u7684\u4e00\u5957\u4ee5\u684c\u9762\u5e94\u7528\u4e3a\u4e3b\u7684GNU/Linux\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nUbuntu 12.04 LTS\uff0c14.04 LTS\uff0c16.04 LTS\u548c16.10\u4e2d\u7684network-manager-applet\uff08\u53c8\u540dnetwork-manager-gnome\uff09\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u4ee5\u5728\u9ed8\u8ba4\u7684Ubuntu\u767b\u5f55\u5c4f\u5e55\u4e0a\u4f7f\u7528\u6b64\u6f0f\u6d1e\u6765\u8bbf\u95ee\u672c\u5730\u6587\u4ef6\uff0c\u5e76\u6267\u884c\u4efb\u610f\u547d\u4ee4\u4f5c\u4e3alightdm\u7528\u6237\u3002",
"discovererName": "BIGUENET Quentin",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875:\r\nhttps://bugs.launchpad.net/ubuntu/+source/network-manager-applet/+bug/1668321",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2017-03198",
"openTime": "2017-03-22",
"patchDescription": "Ubuntu\u662f\u82f1\u56fd\u79d1\u80fd\uff08Canonical\uff09\u516c\u53f8\u548cUbuntu\u57fa\u91d1\u4f1a\u5171\u540c\u5f00\u53d1\u7684\u4e00\u5957\u4ee5\u684c\u9762\u5e94\u7528\u4e3a\u4e3b\u7684GNU/Linux\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nUbuntu 12.04 LTS\uff0c14.04 LTS\uff0c16.04 LTS\u548c16.10\u4e2d\u7684network-manager-applet\uff08\u53c8\u540dnetwork-manager-gnome\uff09\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u4ee5\u5728\u9ed8\u8ba4\u7684Ubuntu\u767b\u5f55\u5c4f\u5e55\u4e0a\u4f7f\u7528\u6b64\u6f0f\u6d1e\u6765\u8bbf\u95ee\u672c\u5730\u6587\u4ef6\uff0c\u5e76\u6267\u884c\u4efb\u610f\u547d\u4ee4\u4f5c\u4e3alightdm\u7528\u6237\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Ubuntu\u5b58\u5728\u672c\u5730\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Ubuntu Ubuntu Linux 16.04 LTS",
"Ubuntu Ubuntu Linux 16.10",
"Ubuntu Ubuntu Linux 14.04 LTS",
"Ubuntu Ubuntu Linux 12.04 LTS"
]
},
"referenceLink": "https://www.ubuntu.com/usn/usn-3217-1/",
"serverity": "\u4e2d",
"submitTime": "2017-03-10",
"title": "Ubuntu\u5b58\u5728\u672c\u5730\u6f0f\u6d1e"
}
FKIE_CVE-2017-6590
Vulnerability from fkie_nvd - Published: 2017-03-09 19:59 - Updated: 2026-05-13 00:24
Severity ?
Summary
An issue was discovered in network-manager-applet (aka network-manager-gnome) in Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS, and 16.10. A local attacker could use this issue at the default Ubuntu login screen to access local files and execute arbitrary commands as the lightdm user. The exploitation requires physical access to the locked computer and the Wi-Fi must be turned on. An access point that lets you use a certificate to login is required as well, but it's easy to create one. Then, it's possible to open a nautilus window and browse directories. One also can open some applications such as Firefox, which is useful for downloading malicious binaries.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 16.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.10:*:*:*:*:*:*:*",
"matchCriteriaId": "1AFB20FA-CB00-4729-AB3A-816454C6D096",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in network-manager-applet (aka network-manager-gnome) in Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS, and 16.10. A local attacker could use this issue at the default Ubuntu login screen to access local files and execute arbitrary commands as the lightdm user. The exploitation requires physical access to the locked computer and the Wi-Fi must be turned on. An access point that lets you use a certificate to login is required as well, but it\u0027s easy to create one. Then, it\u0027s possible to open a nautilus window and browse directories. One also can open some applications such as Firefox, which is useful for downloading malicious binaries."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en network-manager-applet (tambi\u00e9n conocido como network-manager-gnome) en Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS y 16.10. Un atacante local podr\u00eda usar este problema en la pantalla de inicio de sesi\u00f3n predeterminada de Ubuntu para acceder a archivos locales y ejecutar comandos arbitrarios como el usuario lightdm. La explotaci\u00f3n requiere de acceso f\u00edsico al ordenador bloqueado y la conexi\u00f3n Wi-Fi debe estar activada. Un punto de acceso que permita utilizar un certificado para iniciar sesi\u00f3n es tambi\u00e9n necesario, pero es f\u00e1cil crear uno. Entonces, es posible abrir una ventana de nautilus y explorar directorios. Uno tambi\u00e9n puede abrir algunas aplicaciones tales como Firefox, que es \u00fatil para descargar binarios maliciosos."
}
],
"id": "CVE-2017-6590",
"lastModified": "2026-05-13T00:24:29.033",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 0.4,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-09T19:59:00.317",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1037977"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/network-manager-applet/+bug/1668321"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201707-09"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ubuntu.com/usn/usn-3217-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.youtube.com/watch?v=Fp2lwRVg0l0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1037977"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/network-manager-applet/+bug/1668321"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201707-09"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ubuntu.com/usn/usn-3217-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.youtube.com/watch?v=Fp2lwRVg0l0"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-WRX7-QM3P-QW79
Vulnerability from github – Published: 2022-05-13 01:46 – Updated: 2025-04-20 03:33
VLAI?
Details
An issue was discovered in network-manager-applet (aka network-manager-gnome) in Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS, and 16.10. A local attacker could use this issue at the default Ubuntu login screen to access local files and execute arbitrary commands as the lightdm user. The exploitation requires physical access to the locked computer and the Wi-Fi must be turned on. An access point that lets you use a certificate to login is required as well, but it's easy to create one. Then, it's possible to open a nautilus window and browse directories. One also can open some applications such as Firefox, which is useful for downloading malicious binaries.
Severity ?
6.3 (Medium)
{
"affected": [],
"aliases": [
"CVE-2017-6590"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-03-09T19:59:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in network-manager-applet (aka network-manager-gnome) in Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS, and 16.10. A local attacker could use this issue at the default Ubuntu login screen to access local files and execute arbitrary commands as the lightdm user. The exploitation requires physical access to the locked computer and the Wi-Fi must be turned on. An access point that lets you use a certificate to login is required as well, but it\u0027s easy to create one. Then, it\u0027s possible to open a nautilus window and browse directories. One also can open some applications such as Firefox, which is useful for downloading malicious binaries.",
"id": "GHSA-wrx7-qm3p-qw79",
"modified": "2025-04-20T03:33:56Z",
"published": "2022-05-13T01:46:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6590"
},
{
"type": "WEB",
"url": "https://bugs.launchpad.net/ubuntu/+source/network-manager-applet/+bug/1668321"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201707-09"
},
{
"type": "WEB",
"url": "https://www.ubuntu.com/usn/usn-3217-1"
},
{
"type": "WEB",
"url": "https://www.youtube.com/watch?v=Fp2lwRVg0l0"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1037977"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2017-6590
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
An issue was discovered in network-manager-applet (aka network-manager-gnome) in Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS, and 16.10. A local attacker could use this issue at the default Ubuntu login screen to access local files and execute arbitrary commands as the lightdm user. The exploitation requires physical access to the locked computer and the Wi-Fi must be turned on. An access point that lets you use a certificate to login is required as well, but it's easy to create one. Then, it's possible to open a nautilus window and browse directories. One also can open some applications such as Firefox, which is useful for downloading malicious binaries.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2017-6590",
"description": "An issue was discovered in network-manager-applet (aka network-manager-gnome) in Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS, and 16.10. A local attacker could use this issue at the default Ubuntu login screen to access local files and execute arbitrary commands as the lightdm user. The exploitation requires physical access to the locked computer and the Wi-Fi must be turned on. An access point that lets you use a certificate to login is required as well, but it\u0027s easy to create one. Then, it\u0027s possible to open a nautilus window and browse directories. One also can open some applications such as Firefox, which is useful for downloading malicious binaries.",
"id": "GSD-2017-6590",
"references": [
"https://www.suse.com/security/cve/CVE-2017-6590.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2017-6590"
],
"details": "An issue was discovered in network-manager-applet (aka network-manager-gnome) in Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS, and 16.10. A local attacker could use this issue at the default Ubuntu login screen to access local files and execute arbitrary commands as the lightdm user. The exploitation requires physical access to the locked computer and the Wi-Fi must be turned on. An access point that lets you use a certificate to login is required as well, but it\u0027s easy to create one. Then, it\u0027s possible to open a nautilus window and browse directories. One also can open some applications such as Firefox, which is useful for downloading malicious binaries.",
"id": "GSD-2017-6590",
"modified": "2023-12-13T01:21:10.237382Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6590",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in network-manager-applet (aka network-manager-gnome) in Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS, and 16.10. A local attacker could use this issue at the default Ubuntu login screen to access local files and execute arbitrary commands as the lightdm user. The exploitation requires physical access to the locked computer and the Wi-Fi must be turned on. An access point that lets you use a certificate to login is required as well, but it\u0027s easy to create one. Then, it\u0027s possible to open a nautilus window and browse directories. One also can open some applications such as Firefox, which is useful for downloading malicious binaries."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ubuntu.com/usn/usn-3217-1/",
"refsource": "CONFIRM",
"url": "https://www.ubuntu.com/usn/usn-3217-1/"
},
{
"name": "GLSA-201707-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201707-09"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/network-manager-applet/+bug/1668321",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ubuntu/+source/network-manager-applet/+bug/1668321"
},
{
"name": "https://www.youtube.com/watch?v=Fp2lwRVg0l0",
"refsource": "MISC",
"url": "https://www.youtube.com/watch?v=Fp2lwRVg0l0"
},
{
"name": "1037977",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037977"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6590"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "An issue was discovered in network-manager-applet (aka network-manager-gnome) in Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS, and 16.10. A local attacker could use this issue at the default Ubuntu login screen to access local files and execute arbitrary commands as the lightdm user. The exploitation requires physical access to the locked computer and the Wi-Fi must be turned on. An access point that lets you use a certificate to login is required as well, but it\u0027s easy to create one. Then, it\u0027s possible to open a nautilus window and browse directories. One also can open some applications such as Firefox, which is useful for downloading malicious binaries."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.youtube.com/watch?v=Fp2lwRVg0l0",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.youtube.com/watch?v=Fp2lwRVg0l0"
},
{
"name": "https://www.ubuntu.com/usn/usn-3217-1/",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ubuntu.com/usn/usn-3217-1/"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/network-manager-applet/+bug/1668321",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/network-manager-applet/+bug/1668321"
},
{
"name": "GLSA-201707-09",
"refsource": "GENTOO",
"tags": [],
"url": "https://security.gentoo.org/glsa/201707-09"
},
{
"name": "1037977",
"refsource": "SECTRACK",
"tags": [],
"url": "http://www.securitytracker.com/id/1037977"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 0.4,
"impactScore": 5.9
}
},
"lastModifiedDate": "2019-10-03T00:03Z",
"publishedDate": "2017-03-09T19:59Z"
}
}
}
OPENSUSE-SU-2024:10603-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
NetworkManager-applet-1.24.0-1.2 on GA media
Severity
Moderate
Notes
Title of the patch: NetworkManager-applet-1.24.0-1.2 on GA media
Description of the patch: These are all security issues fixed in the NetworkManager-applet-1.24.0-1.2 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-10603
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.3 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:NetworkManager-applet-1.24.0-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:NetworkManager-applet-1.24.0-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:NetworkManager-applet-1.24.0-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:NetworkManager-applet-1.24.0-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:NetworkManager-applet-lang-1.24.0-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:NetworkManager-applet-lang-1.24.0-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:NetworkManager-applet-lang-1.24.0-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:NetworkManager-applet-lang-1.24.0-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:NetworkManager-connection-editor-1.24.0-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:NetworkManager-connection-editor-1.24.0-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:NetworkManager-connection-editor-1.24.0-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:NetworkManager-connection-editor-1.24.0-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
5 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "NetworkManager-applet-1.24.0-1.2 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the NetworkManager-applet-1.24.0-1.2 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10603",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10603-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-6590 page",
"url": "https://www.suse.com/security/cve/CVE-2017-6590/"
}
],
"title": "NetworkManager-applet-1.24.0-1.2 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10603-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "NetworkManager-applet-1.24.0-1.2.aarch64",
"product": {
"name": "NetworkManager-applet-1.24.0-1.2.aarch64",
"product_id": "NetworkManager-applet-1.24.0-1.2.aarch64"
}
},
{
"category": "product_version",
"name": "NetworkManager-applet-lang-1.24.0-1.2.aarch64",
"product": {
"name": "NetworkManager-applet-lang-1.24.0-1.2.aarch64",
"product_id": "NetworkManager-applet-lang-1.24.0-1.2.aarch64"
}
},
{
"category": "product_version",
"name": "NetworkManager-connection-editor-1.24.0-1.2.aarch64",
"product": {
"name": "NetworkManager-connection-editor-1.24.0-1.2.aarch64",
"product_id": "NetworkManager-connection-editor-1.24.0-1.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "NetworkManager-applet-1.24.0-1.2.ppc64le",
"product": {
"name": "NetworkManager-applet-1.24.0-1.2.ppc64le",
"product_id": "NetworkManager-applet-1.24.0-1.2.ppc64le"
}
},
{
"category": "product_version",
"name": "NetworkManager-applet-lang-1.24.0-1.2.ppc64le",
"product": {
"name": "NetworkManager-applet-lang-1.24.0-1.2.ppc64le",
"product_id": "NetworkManager-applet-lang-1.24.0-1.2.ppc64le"
}
},
{
"category": "product_version",
"name": "NetworkManager-connection-editor-1.24.0-1.2.ppc64le",
"product": {
"name": "NetworkManager-connection-editor-1.24.0-1.2.ppc64le",
"product_id": "NetworkManager-connection-editor-1.24.0-1.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "NetworkManager-applet-1.24.0-1.2.s390x",
"product": {
"name": "NetworkManager-applet-1.24.0-1.2.s390x",
"product_id": "NetworkManager-applet-1.24.0-1.2.s390x"
}
},
{
"category": "product_version",
"name": "NetworkManager-applet-lang-1.24.0-1.2.s390x",
"product": {
"name": "NetworkManager-applet-lang-1.24.0-1.2.s390x",
"product_id": "NetworkManager-applet-lang-1.24.0-1.2.s390x"
}
},
{
"category": "product_version",
"name": "NetworkManager-connection-editor-1.24.0-1.2.s390x",
"product": {
"name": "NetworkManager-connection-editor-1.24.0-1.2.s390x",
"product_id": "NetworkManager-connection-editor-1.24.0-1.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "NetworkManager-applet-1.24.0-1.2.x86_64",
"product": {
"name": "NetworkManager-applet-1.24.0-1.2.x86_64",
"product_id": "NetworkManager-applet-1.24.0-1.2.x86_64"
}
},
{
"category": "product_version",
"name": "NetworkManager-applet-lang-1.24.0-1.2.x86_64",
"product": {
"name": "NetworkManager-applet-lang-1.24.0-1.2.x86_64",
"product_id": "NetworkManager-applet-lang-1.24.0-1.2.x86_64"
}
},
{
"category": "product_version",
"name": "NetworkManager-connection-editor-1.24.0-1.2.x86_64",
"product": {
"name": "NetworkManager-connection-editor-1.24.0-1.2.x86_64",
"product_id": "NetworkManager-connection-editor-1.24.0-1.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "NetworkManager-applet-1.24.0-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:NetworkManager-applet-1.24.0-1.2.aarch64"
},
"product_reference": "NetworkManager-applet-1.24.0-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "NetworkManager-applet-1.24.0-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:NetworkManager-applet-1.24.0-1.2.ppc64le"
},
"product_reference": "NetworkManager-applet-1.24.0-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "NetworkManager-applet-1.24.0-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:NetworkManager-applet-1.24.0-1.2.s390x"
},
"product_reference": "NetworkManager-applet-1.24.0-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "NetworkManager-applet-1.24.0-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:NetworkManager-applet-1.24.0-1.2.x86_64"
},
"product_reference": "NetworkManager-applet-1.24.0-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "NetworkManager-applet-lang-1.24.0-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:NetworkManager-applet-lang-1.24.0-1.2.aarch64"
},
"product_reference": "NetworkManager-applet-lang-1.24.0-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "NetworkManager-applet-lang-1.24.0-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:NetworkManager-applet-lang-1.24.0-1.2.ppc64le"
},
"product_reference": "NetworkManager-applet-lang-1.24.0-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "NetworkManager-applet-lang-1.24.0-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:NetworkManager-applet-lang-1.24.0-1.2.s390x"
},
"product_reference": "NetworkManager-applet-lang-1.24.0-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "NetworkManager-applet-lang-1.24.0-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:NetworkManager-applet-lang-1.24.0-1.2.x86_64"
},
"product_reference": "NetworkManager-applet-lang-1.24.0-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "NetworkManager-connection-editor-1.24.0-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:NetworkManager-connection-editor-1.24.0-1.2.aarch64"
},
"product_reference": "NetworkManager-connection-editor-1.24.0-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "NetworkManager-connection-editor-1.24.0-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:NetworkManager-connection-editor-1.24.0-1.2.ppc64le"
},
"product_reference": "NetworkManager-connection-editor-1.24.0-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "NetworkManager-connection-editor-1.24.0-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:NetworkManager-connection-editor-1.24.0-1.2.s390x"
},
"product_reference": "NetworkManager-connection-editor-1.24.0-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "NetworkManager-connection-editor-1.24.0-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:NetworkManager-connection-editor-1.24.0-1.2.x86_64"
},
"product_reference": "NetworkManager-connection-editor-1.24.0-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-6590",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-6590"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in network-manager-applet (aka network-manager-gnome) in Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS, and 16.10. A local attacker could use this issue at the default Ubuntu login screen to access local files and execute arbitrary commands as the lightdm user. The exploitation requires physical access to the locked computer and the Wi-Fi must be turned on. An access point that lets you use a certificate to login is required as well, but it\u0027s easy to create one. Then, it\u0027s possible to open a nautilus window and browse directories. One also can open some applications such as Firefox, which is useful for downloading malicious binaries.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:NetworkManager-applet-1.24.0-1.2.aarch64",
"openSUSE Tumbleweed:NetworkManager-applet-1.24.0-1.2.ppc64le",
"openSUSE Tumbleweed:NetworkManager-applet-1.24.0-1.2.s390x",
"openSUSE Tumbleweed:NetworkManager-applet-1.24.0-1.2.x86_64",
"openSUSE Tumbleweed:NetworkManager-applet-lang-1.24.0-1.2.aarch64",
"openSUSE Tumbleweed:NetworkManager-applet-lang-1.24.0-1.2.ppc64le",
"openSUSE Tumbleweed:NetworkManager-applet-lang-1.24.0-1.2.s390x",
"openSUSE Tumbleweed:NetworkManager-applet-lang-1.24.0-1.2.x86_64",
"openSUSE Tumbleweed:NetworkManager-connection-editor-1.24.0-1.2.aarch64",
"openSUSE Tumbleweed:NetworkManager-connection-editor-1.24.0-1.2.ppc64le",
"openSUSE Tumbleweed:NetworkManager-connection-editor-1.24.0-1.2.s390x",
"openSUSE Tumbleweed:NetworkManager-connection-editor-1.24.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-6590",
"url": "https://www.suse.com/security/cve/CVE-2017-6590"
},
{
"category": "external",
"summary": "SUSE Bug 1028792 for CVE-2017-6590",
"url": "https://bugzilla.suse.com/1028792"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:NetworkManager-applet-1.24.0-1.2.aarch64",
"openSUSE Tumbleweed:NetworkManager-applet-1.24.0-1.2.ppc64le",
"openSUSE Tumbleweed:NetworkManager-applet-1.24.0-1.2.s390x",
"openSUSE Tumbleweed:NetworkManager-applet-1.24.0-1.2.x86_64",
"openSUSE Tumbleweed:NetworkManager-applet-lang-1.24.0-1.2.aarch64",
"openSUSE Tumbleweed:NetworkManager-applet-lang-1.24.0-1.2.ppc64le",
"openSUSE Tumbleweed:NetworkManager-applet-lang-1.24.0-1.2.s390x",
"openSUSE Tumbleweed:NetworkManager-applet-lang-1.24.0-1.2.x86_64",
"openSUSE Tumbleweed:NetworkManager-connection-editor-1.24.0-1.2.aarch64",
"openSUSE Tumbleweed:NetworkManager-connection-editor-1.24.0-1.2.ppc64le",
"openSUSE Tumbleweed:NetworkManager-connection-editor-1.24.0-1.2.s390x",
"openSUSE Tumbleweed:NetworkManager-connection-editor-1.24.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:NetworkManager-applet-1.24.0-1.2.aarch64",
"openSUSE Tumbleweed:NetworkManager-applet-1.24.0-1.2.ppc64le",
"openSUSE Tumbleweed:NetworkManager-applet-1.24.0-1.2.s390x",
"openSUSE Tumbleweed:NetworkManager-applet-1.24.0-1.2.x86_64",
"openSUSE Tumbleweed:NetworkManager-applet-lang-1.24.0-1.2.aarch64",
"openSUSE Tumbleweed:NetworkManager-applet-lang-1.24.0-1.2.ppc64le",
"openSUSE Tumbleweed:NetworkManager-applet-lang-1.24.0-1.2.s390x",
"openSUSE Tumbleweed:NetworkManager-applet-lang-1.24.0-1.2.x86_64",
"openSUSE Tumbleweed:NetworkManager-connection-editor-1.24.0-1.2.aarch64",
"openSUSE Tumbleweed:NetworkManager-connection-editor-1.24.0-1.2.ppc64le",
"openSUSE Tumbleweed:NetworkManager-connection-editor-1.24.0-1.2.s390x",
"openSUSE Tumbleweed:NetworkManager-connection-editor-1.24.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-6590"
}
]
}
WID-SEC-W-2025-0117
Vulnerability from csaf_certbund - Published: 2017-03-07 23:00 - Updated: 2025-01-19 23:00Summary
Linux Kernel: Mehrere Schwachstellen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Der Kernel stellt den Kern des Linux Betriebssystems dar.
Angriff: Ein lokaler Angreifer kann mehrere Schwachstellen in Linux Kernel ausnutzen, um administrative Privilegien zu erlangen, einen Denial of Service Angriff durchzuführen oder Sicherheitsmechanismen zu umgehen.
Betroffene Betriebssysteme: - Linux
Es existiert eine Schwachstelle im Linux Kernel im Zusammenhang mit der l2tp_ip6_bind() Funktion in der L2TPv3 IP Encapsulation. Ein lokaler Angreifer kann ein Racecondition auslösen, um dadurch einen Denial of Service Zustand herbeizuführen oder um seine Privilegien zu erhöhen.
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 7
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:v.7.3:aus
|
7 | |
|
Ubuntu Linux 12.04 LTS
Ubuntu / Linux
|
cpe:/o:canonical:ubuntu_linux:12.04:-:lts
|
12.04 LTS | |
|
Ubuntu Linux 16.04 LTS
Ubuntu / Linux
|
cpe:/o:canonical:ubuntu_linux:16.04_lts
|
16.04 LTS | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Ubuntu Linux 16.10
Ubuntu / Linux
|
cpe:/o:canonical:ubuntu_linux:16.10
|
16.1 | |
|
Red Hat Enterprise MRG 2
Red Hat / Enterprise MRG
|
cpe:/a:redhat:enterprise_mrg:2.0
|
2 | |
|
Ubuntu Linux 14.04 LTS
Ubuntu / Linux
|
cpe:/o:canonical:ubuntu_linux:14.04:-:lts
|
14.04 LTS | |
|
Red Hat Enterprise Linux 6
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:6
|
6 | |
|
Open Source Linux Kernel <4.10.1
Open Source / Linux Kernel
|
<4.10.1 | ||
|
Open Source Linux Kernel <4.8.14
Open Source / Linux Kernel
|
<4.8.14 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
Es existiert eine Schwachstelle im Linux Kernel im Zusammenhang mit dem N_HLDC Linux kernel Treiber (drivers/tty/n_hdlc.c). Ein lokaler Angreifer kann die Schwachstelle nutzen, um administrative Privilegien erlangen oder einen Denial of Service Angriff durchführen.
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 7
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:v.7.3:aus
|
7 | |
|
Ubuntu Linux 16.04 LTS
Ubuntu / Linux
|
cpe:/o:canonical:ubuntu_linux:16.04_lts
|
16.04 LTS | |
|
Ubuntu Linux 16.10
Ubuntu / Linux
|
cpe:/o:canonical:ubuntu_linux:16.10
|
16.1 | |
|
Ubuntu Linux 14.04 LTS
Ubuntu / Linux
|
cpe:/o:canonical:ubuntu_linux:14.04:-:lts
|
14.04 LTS | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Ubuntu Linux 12.04 LTS
Ubuntu / Linux
|
cpe:/o:canonical:ubuntu_linux:12.04:-:lts
|
12.04 LTS | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise MRG 2
Red Hat / Enterprise MRG
|
cpe:/a:redhat:enterprise_mrg:2.0
|
2 | |
|
Red Hat Enterprise Linux 6
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:6
|
6 | |
|
Open Source Linux Kernel <4.10.1
Open Source / Linux Kernel
|
<4.10.1 | ||
|
Open Source Linux Kernel <4.8.14
Open Source / Linux Kernel
|
<4.8.14 | ||
|
F5 Enterprise Manager 3.1.1
F5 / Enterprise Manager
|
cpe:/a:f5:enterprise_manager:3.1.1
|
3.1.1 | |
|
F5 BIG-IP 13.0.0
F5 / BIG-IP
|
cpe:/a:f5:big-ip:13.0.0
|
13.0.0 |
Es existiert eine Schwachstelle im Linux Kernel in Zusammenhang mit dem network-manager-applet in GNOME. Ein Angreifer mit physikalischem Zugang zum System kann diese Schwachstelle nutzen, um Sicherheitsmechanismen zu umgehen und Zugriff auf das lokale Dateisystem eines gesperrten Clients zur erlangen. Für einen erfolgreichen Anfgriff muss Wi-fi aktiviert sein.
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 7
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:v.7.3:aus
|
7 | |
|
Ubuntu Linux 12.04 LTS
Ubuntu / Linux
|
cpe:/o:canonical:ubuntu_linux:12.04:-:lts
|
12.04 LTS | |
|
Ubuntu Linux 16.04 LTS
Ubuntu / Linux
|
cpe:/o:canonical:ubuntu_linux:16.04_lts
|
16.04 LTS | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Ubuntu Linux 16.10
Ubuntu / Linux
|
cpe:/o:canonical:ubuntu_linux:16.10
|
16.1 | |
|
Red Hat Enterprise MRG 2
Red Hat / Enterprise MRG
|
cpe:/a:redhat:enterprise_mrg:2.0
|
2 | |
|
Ubuntu Linux 14.04 LTS
Ubuntu / Linux
|
cpe:/o:canonical:ubuntu_linux:14.04:-:lts
|
14.04 LTS | |
|
Red Hat Enterprise Linux 6
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:6
|
6 | |
|
Open Source Linux Kernel <4.10.1
Open Source / Linux Kernel
|
<4.10.1 | ||
|
Open Source Linux Kernel <4.8.14
Open Source / Linux Kernel
|
<4.8.14 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
References
68 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein lokaler Angreifer kann mehrere Schwachstellen in Linux Kernel ausnutzen, um administrative Privilegien zu erlangen, einen Denial of Service Angriff durchzuf\u00fchren oder Sicherheitsmechanismen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0117 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2017/wid-sec-w-2025-0117.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0117 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0117"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-3218 vom 2017-03-07",
"url": "https://www.ubuntu.com/usn/usn-3218-1/"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-3219 vom 2017-03-07",
"url": "https://www.ubuntu.com/usn/usn-3219-1/"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-3220 vom 2017-03-07",
"url": "https://www.ubuntu.com/usn/usn-3220-1/"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-3221 vom 2017-03-07",
"url": "https://www.ubuntu.com/usn/usn-3221-1/"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-3217 vom 2017-03-07",
"url": "https://www.ubuntu.com/usn/usn-3217-1/"
},
{
"category": "external",
"summary": "Meldung auf der oss-sec Mailliste vom 2017-03-07",
"url": "http://seclists.org/oss-sec/2017/q1/569"
},
{
"category": "external",
"summary": "Eintrag im Red Hat CVE Database CVE-2017-2336 vom 2017-03-07",
"url": "https://access.redhat.com/security/cve/CVE-2017-2636"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2017:0864-1 vom 2017-03-30",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20170864-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2017:0866-1 vom 2017-03-30",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20170866-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2017:0865-1 vom 2017-03-30",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20170865-1.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2017-3533 vom 2017-04-01",
"url": "http://linux.oracle.com/errata/ELSA-2017-3533.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2017-3534 vom 2017-04-01",
"url": "http://linux.oracle.com/errata/ELSA-2017-3534.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2017-3535 vom 2017-04-01",
"url": "http://linux.oracle.com/errata/ELSA-2017-3535.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2017:0913-1 vom 2017-04-03",
"url": "https://lists.opensuse.org/opensuse-security-announce/2017-04/msg00005.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2017:0912-1 vom 2017-04-03",
"url": "https://lists.opensuse.org/opensuse-security-announce/2017-04/msg00004.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2017:0892 vom 2017-04-11",
"url": "https://access.redhat.com/errata/RHSA-2017:0892"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2017-0892 vom 2017-04-11",
"url": "http://linux.oracle.com/errata/ELSA-2017-0892.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2017:0933 vom 2017-04-12",
"url": "https://access.redhat.com/errata/RHSA-2017:0933"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2017:0931 vom 2017-04-12",
"url": "https://access.redhat.com/errata/RHSA-2017:0931"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2017:0932 vom 2017-04-12",
"url": "https://access.redhat.com/errata/RHSA-2017:0932"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2017-0933 vom 2017-04-13",
"url": "http://linux.oracle.com/errata/ELSA-2017-0933.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2017:0986 vom 2017-04-18",
"url": "https://access.redhat.com/errata/RHSA-2017:0986"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2017:1126 vom 2017-04-25",
"url": "https://access.redhat.com/errata/RHSA-2017:1126"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2017:1125 vom 2017-04-25",
"url": "https://access.redhat.com/errata/RHSA-2017:1125"
},
{
"category": "external",
"summary": "F5 Security Advisory K68852819 vom 2017-05-02",
"url": "https://support.f5.com/csp/article/K68852819"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2017:1183-1 vom 2017-05-06",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20171183-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2017:1247-1 vom 2017-05-12",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20171247-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2017:1301-1 vom 2017-05-16",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20171301-1.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2017-3567 vom 2017-05-16",
"url": "http://linux.oracle.com/errata/ELSA-2017-3567.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2017:1233 vom 2017-05-16",
"url": "https://access.redhat.com/errata/RHSA-2017:1233"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2017:1232 vom 2017-05-16",
"url": "https://access.redhat.com/errata/RHSA-2017:1232"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2017:1360-1 vom 2017-05-20",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20171360-1.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2017:1488 vom 2017-06-19",
"url": "https://access.redhat.com/errata/RHSA-2017:1488"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2017:1990-1 vom 2017-07-28",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20171990-1.html"
},
{
"category": "external",
"summary": "RedHat Security Advisory RHSA-2017:2077",
"url": "https://access.redhat.com/errata/RHSA-2017:2077"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2017:2049-1 vom 2017-08-05",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172049-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2017:2043-1 vom 2017-08-05",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172043-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2017:2060-1 vom 2017-08-07",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172060-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2017:2061-1 vom 2017-08-07",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172061-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2017:2068-1 vom 2017-08-07",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172068-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2017:2067-1 vom 2017-08-07",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172067-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2017:2063-1 vom 2017-08-07",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172063-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2017:2065-1 vom 2017-08-07",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172065-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2017:2062-1 vom 2017-08-07",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172062-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2017:2073-1 vom 2017-08-08",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172073-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2017:2072-1 vom 2017-08-08",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172072-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2017:2095-1 vom 2017-08-09",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172095-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2017:2093-1 vom 2017-08-09",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172093-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2017:2088-1 vom 2017-08-09",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172088-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2017:2092-1 vom 2017-08-09",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172092-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2017:2099-1 vom 2017-08-09",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172099-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2017:2096-1 vom 2017-08-09",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172096-1.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2017:2444 vom 2017-08-08",
"url": "https://access.redhat.com/errata/RHSA-2017:2444"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2017:2437 vom 2017-08-08",
"url": "https://access.redhat.com/errata/RHSA-2017:2437"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2017-3605 vom 2017-08-17",
"url": "http://linux.oracle.com/errata/ELSA-2017-3605.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2017-3606 vom 2017-08-18",
"url": "http://linux.oracle.com/errata/ELSA-2017-3606.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2017-3609 vom 2017-08-24",
"url": "http://linux.oracle.com/errata/ELSA-2017-3609.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2017:2342-1 vom 2017-09-05",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172342-1.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-3422-1 vom 2017-09-19",
"url": "http://www.ubuntu.com/usn/usn-3422-2/"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-3422-1 vom 2017-09-19",
"url": "http://www.ubuntu.com/usn/usn-3422-1/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2017:2525-1 vom 2017-09-19",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172525-1.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2017-3658 vom 2017-12-08",
"url": "http://linux.oracle.com/errata/ELSA-2017-3658.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2018-4021 vom 2018-01-28",
"url": "http://linux.oracle.com/errata/ELSA-2018-4021.html"
},
{
"category": "external",
"summary": "F5 Security Advisory K18015201 vom 2018-04-03",
"url": "https://support.f5.com/csp/article/K18015201"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2018-1854 vom 2018-06-26",
"url": "http://linux.oracle.com/errata/ELSA-2018-1854.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0152-1 vom 2025-01-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-January/020152.html"
}
],
"source_lang": "en-US",
"title": "Linux Kernel: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-01-19T23:00:00.000+00:00",
"generator": {
"date": "2025-01-20T09:28:13.447+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.10"
}
},
"id": "WID-SEC-W-2025-0117",
"initial_release_date": "2017-03-07T23:00:00.000+00:00",
"revision_history": [
{
"date": "2017-03-07T23:00:00.000+00:00",
"number": "1",
"summary": "Initial Release"
},
{
"date": "2017-03-07T23:00:00.000+00:00",
"number": "2",
"summary": "Version nicht vorhanden"
},
{
"date": "2017-03-07T23:00:00.000+00:00",
"number": "3",
"summary": "Version nicht vorhanden"
},
{
"date": "2017-03-09T23:00:00.000+00:00",
"number": "4",
"summary": "CVE added"
},
{
"date": "2017-03-09T23:00:00.000+00:00",
"number": "5",
"summary": "Version nicht vorhanden"
},
{
"date": "2017-03-09T23:00:00.000+00:00",
"number": "6",
"summary": "Added references"
},
{
"date": "2017-04-02T22:00:00.000+00:00",
"number": "7",
"summary": "New remediations available"
},
{
"date": "2017-04-03T22:00:00.000+00:00",
"number": "8",
"summary": "New remediations available"
},
{
"date": "2017-04-11T22:00:00.000+00:00",
"number": "9",
"summary": "New remediations available"
},
{
"date": "2017-04-12T22:00:00.000+00:00",
"number": "10",
"summary": "New remediations available"
},
{
"date": "2017-04-18T22:00:00.000+00:00",
"number": "11",
"summary": "New remediations available"
},
{
"date": "2017-04-25T22:00:00.000+00:00",
"number": "12",
"summary": "New remediations available"
},
{
"date": "2017-05-01T22:00:00.000+00:00",
"number": "13",
"summary": "New remediations available"
},
{
"date": "2017-05-07T22:00:00.000+00:00",
"number": "14",
"summary": "New remediations available"
},
{
"date": "2017-05-11T22:00:00.000+00:00",
"number": "15",
"summary": "New remediations available"
},
{
"date": "2017-05-15T22:00:00.000+00:00",
"number": "16",
"summary": "New remediations available"
},
{
"date": "2017-05-16T22:00:00.000+00:00",
"number": "17",
"summary": "New remediations available"
},
{
"date": "2017-05-21T22:00:00.000+00:00",
"number": "18",
"summary": "New remediations available"
},
{
"date": "2017-06-19T22:00:00.000+00:00",
"number": "19",
"summary": "New remediations available"
},
{
"date": "2017-07-09T22:00:00.000+00:00",
"number": "20",
"summary": "Added references"
},
{
"date": "2017-08-01T22:00:00.000+00:00",
"number": "21",
"summary": "New remediations available"
},
{
"date": "2017-08-06T22:00:00.000+00:00",
"number": "22",
"summary": "New remediations available"
},
{
"date": "2017-08-07T22:00:00.000+00:00",
"number": "23",
"summary": "New remediations available"
},
{
"date": "2017-08-08T22:00:00.000+00:00",
"number": "24",
"summary": "New remediations available"
},
{
"date": "2017-08-08T22:00:00.000+00:00",
"number": "25",
"summary": "New remediations available"
},
{
"date": "2017-08-08T22:00:00.000+00:00",
"number": "26",
"summary": "New remediations available"
},
{
"date": "2017-08-17T22:00:00.000+00:00",
"number": "27",
"summary": "New remediations available"
},
{
"date": "2017-08-20T22:00:00.000+00:00",
"number": "28",
"summary": "New remediations available"
},
{
"date": "2017-08-23T22:00:00.000+00:00",
"number": "29",
"summary": "New remediations available"
},
{
"date": "2017-09-04T22:00:00.000+00:00",
"number": "30",
"summary": "New remediations available"
},
{
"date": "2017-09-18T22:00:00.000+00:00",
"number": "31",
"summary": "New remediations available"
},
{
"date": "2017-09-19T22:00:00.000+00:00",
"number": "32",
"summary": "New remediations available"
},
{
"date": "2017-12-10T23:00:00.000+00:00",
"number": "33",
"summary": "New remediations available"
},
{
"date": "2017-12-10T23:00:00.000+00:00",
"number": "34",
"summary": "Version nicht vorhanden"
},
{
"date": "2018-01-28T23:00:00.000+00:00",
"number": "35",
"summary": "New remediations available"
},
{
"date": "2018-04-03T22:00:00.000+00:00",
"number": "36",
"summary": "New remediations available"
},
{
"date": "2018-04-03T22:00:00.000+00:00",
"number": "37",
"summary": "Version nicht vorhanden"
},
{
"date": "2018-06-26T22:00:00.000+00:00",
"number": "38",
"summary": "New remediations available"
},
{
"date": "2025-01-19T23:00:00.000+00:00",
"number": "39",
"summary": "Neue Updates von SUSE aufgenommen"
}
],
"status": "final",
"version": "39"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "13.0.0",
"product": {
"name": "F5 BIG-IP 13.0.0",
"product_id": "T009498",
"product_identification_helper": {
"cpe": "cpe:/a:f5:big-ip:13.0.0"
}
}
}
],
"category": "product_name",
"name": "BIG-IP"
},
{
"branches": [
{
"category": "product_version",
"name": "3.1.1",
"product": {
"name": "F5 Enterprise Manager 3.1.1",
"product_id": "269870",
"product_identification_helper": {
"cpe": "cpe:/a:f5:enterprise_manager:3.1.1"
}
}
}
],
"category": "product_name",
"name": "Enterprise Manager"
}
],
"category": "vendor",
"name": "F5"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.8.14",
"product": {
"name": "Open Source Linux Kernel \u003c4.8.14",
"product_id": "T009131"
}
},
{
"category": "product_version",
"name": "4.8.14",
"product": {
"name": "Open Source Linux Kernel 4.8.14",
"product_id": "T009131-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:linux:linux_kernel:4.8.14"
}
}
},
{
"category": "product_version_range",
"name": "\u003c4.10.1",
"product": {
"name": "Open Source Linux Kernel \u003c4.10.1",
"product_id": "T009484"
}
},
{
"category": "product_version",
"name": "4.10.1",
"product": {
"name": "Open Source Linux Kernel 4.10.1",
"product_id": "T009484-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:linux:linux_kernel:4.10.1"
}
}
}
],
"category": "product_name",
"name": "Linux Kernel"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "6",
"product": {
"name": "Red Hat Enterprise Linux 6",
"product_id": "120737",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6"
}
}
},
{
"category": "product_version",
"name": "7",
"product": {
"name": "Red Hat Enterprise Linux 7",
"product_id": "T008931",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:v.7.3:aus"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "2",
"product": {
"name": "Red Hat Enterprise MRG 2",
"product_id": "152304",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_mrg:2.0"
}
}
}
],
"category": "product_name",
"name": "Enterprise MRG"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "12.04 LTS",
"product": {
"name": "Ubuntu Linux 12.04 LTS",
"product_id": "170497",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"
}
}
},
{
"category": "product_version",
"name": "14.04 LTS",
"product": {
"name": "Ubuntu Linux 14.04 LTS",
"product_id": "T003005",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:14.04:-:lts"
}
}
},
{
"category": "product_version",
"name": "16.04 LTS",
"product": {
"name": "Ubuntu Linux 16.04 LTS",
"product_id": "T007521",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:16.04_lts"
}
}
},
{
"category": "product_version",
"name": "16.1",
"product": {
"name": "Ubuntu Linux 16.10",
"product_id": "T008726",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:16.10"
}
}
}
],
"category": "product_name",
"name": "Linux"
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-10200",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle im Linux Kernel im Zusammenhang mit der l2tp_ip6_bind() Funktion in der L2TPv3 IP Encapsulation. Ein lokaler Angreifer kann ein Racecondition ausl\u00f6sen, um dadurch einen Denial of Service Zustand herbeizuf\u00fchren oder um seine Privilegien zu erh\u00f6hen."
}
],
"product_status": {
"known_affected": [
"T008931",
"170497",
"T007521",
"T002207",
"T008726",
"152304",
"T003005",
"120737",
"T009484",
"T009131",
"T004914"
]
},
"release_date": "2017-03-07T23:00:00.000+00:00",
"title": "CVE-2016-10200"
},
{
"cve": "CVE-2017-2636",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle im Linux Kernel im Zusammenhang mit dem N_HLDC Linux kernel Treiber (drivers/tty/n_hdlc.c). Ein lokaler Angreifer kann die Schwachstelle nutzen, um administrative Privilegien erlangen oder einen Denial of Service Angriff durchf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T008931",
"T007521",
"T008726",
"T003005",
"T004914",
"170497",
"T002207",
"152304",
"120737",
"T009484",
"T009131",
"269870",
"T009498"
]
},
"release_date": "2017-03-07T23:00:00.000+00:00",
"title": "CVE-2017-2636"
},
{
"cve": "CVE-2017-6590",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle im Linux Kernel in Zusammenhang mit dem network-manager-applet in GNOME. Ein Angreifer mit physikalischem Zugang zum System kann diese Schwachstelle nutzen, um Sicherheitsmechanismen zu umgehen und Zugriff auf das lokale Dateisystem eines gesperrten Clients zur erlangen. F\u00fcr einen erfolgreichen Anfgriff muss Wi-fi aktiviert sein."
}
],
"product_status": {
"known_affected": [
"T008931",
"170497",
"T007521",
"T002207",
"T008726",
"152304",
"T003005",
"120737",
"T009484",
"T009131",
"T004914"
]
},
"release_date": "2017-03-07T23:00:00.000+00:00",
"title": "CVE-2017-6590"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…