- Home
- CVEs with nessus.description==According+to+the+versions+of+the+kernel+packages+installed%2C+the+EulerOS+installation+on+the+remote+host+is+affected+by+the+following+vulnerabilities+%3A%0A%0A++-+It+was+found+that+the+RFC+5961+challenge+ACK+rate+++++limiting+as+implemented+in+the+Linux+kernel%27s+++++networking+subsystem+allowed+an+off-path+attacker+to+++++leak+certain+information+about+a+given+connection+by+++++creating+congestion+on+the+global+challenge+ACK+rate+++++limit+counter+and+then+measuring+the+changes+by+probing+++++packets.+An+off-path+attacker+could+use+this+flaw+to+++++either+terminate+TCP+connection+and%2For+inject+payload+++++into+non-secured+TCP+connection+between+two+endpoints+++++on+the+network.%28CVE-2016-5696%29%0A%0A++-+A+flaw+was+found+in+the+Linux+kernel%27s+keyring+handling+++++code%2C+where+in+key_reject_and_link%28%29+an+uninitialised+++++variable+would+eventually+lead+to+arbitrary+free+++++address+which+could+allow+attacker+to+use+a+++++use-after-free+style+attack.+%28CVE-2016-4470%29%0A%0A++-+A+flaw+was+found+in+the+way+certain+interfaces+of+the+++++Linux+kernel%27s+Infiniband+subsystem+used+write%28%29+as+++++bi-directional+ioctl%28%29+replacement%2C+which+could+lead+to+++++insufficient+memory+security+checks+when+being+invoked+++++using+the+splice%28%29+system+call.+A+local+unprivileged+++++user+on+a+system+with+either+Infiniband+hardware+++++present+or+RDMA+Userspace+Connection+Manager+Access+++++module+explicitly+loaded%2C+could+use+this+flaw+to+++++escalate+their+privileges+on+the+system.%28CVE-2016-4565%29%0A%0ANote+that+Tenable+Network+Security+has+extracted+the+preceding+description+block+directly+from+the+EulerOS+security+advisory.+Tenable+has+attempted+to+automatically+clean+and+format+it+as+much+as+possible+without+introducing+additional+issues
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top