cnvd - cnvd-2015-05213

cnvd-2015-05213

Vulnerability from cnvd

Title: Linux kernel本地拒绝服务漏洞（CNVD-2015-05213）

Description:

Linux kernel是美国Linux基金会发布的操作系统Linux所使用的内核。

Linux kernel存在本地拒绝服务漏洞。本地攻击者可以利用漏洞拒绝提升权限的有效用户,服务,或应用程序,导致拒绝服务。

Severity: 低

Formal description:

目前厂商还没有提出此漏洞的相关补丁或升级程序，建议使用此软件的用户随时关注厂商的主页以获得最新版本： https://www.kernel.org/

Reference: http://www.securityfocus.com/bid/76075

Impacted products

Name
Linux Kernel

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "76075"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-1350"
    }
  },
  "description": "Linux kernel\u662f\u7f8e\u56fdLinux\u57fa\u91d1\u4f1a\u53d1\u5e03\u7684\u64cd\u4f5c\u7cfb\u7edfLinux\u6240\u4f7f\u7528\u7684\u5185\u6838\u3002 \r\n\r\nLinux kernel\u5b58\u5728\u672c\u5730\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6f0f\u6d1e\u62d2\u7edd\u63d0\u5347\u6743\u9650\u7684\u6709\u6548\u7528\u6237,\u670d\u52a1,\u6216\u5e94\u7528\u7a0b\u5e8f,\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002",
  "discovererName": "Solar Designer",
  "formalWay": "\u76ee\u524d\u5382\u5546\u8fd8\u6ca1\u6709\u63d0\u51fa\u6b64\u6f0f\u6d1e\u7684\u76f8\u5173\u8865\u4e01\u6216\u5347\u7ea7\u7a0b\u5e8f\uff0c\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u7684\u4e3b\u9875\u4ee5\u83b7\u5f97\u6700\u65b0\u7248\u672c\uff1a\r\nhttps://www.kernel.org/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-05213",
  "openTime": "2015-08-13",
  "products": {
    "product": "Linux Kernel"
  },
  "referenceLink": "http://www.securityfocus.com/bid/76075",
  "serverity": "\u4f4e",
  "submitTime": "2015-08-12",
  "title": "Linux kernel\u672c\u5730\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2015-05213\uff09"
}

CVE-2015-1350 (GCVE-0-2015-1350)

Vulnerability from cvelistv5

Published

2016-05-02 10:00

Modified

2024-08-06 04:40

Severity ?

CWE

Summary

The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program.

References

▼	URL	Tags
	https://bugzilla.redhat.com/show_bug.cgi?id=1185139	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/76075	vdb-entry, x_refsource_BID
	http://marc.info/?l=linux-kernel&m=142153722930533&w=2	mailing-list, x_refsource_MLIST
	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770492	x_refsource_MISC
	http://www.openwall.com/lists/oss-security/2015/01/24/5	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:40:18.594Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1185139"
          },
          {
            "name": "76075",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/76075"
          },
          {
            "name": "[linux-kernel] 20150117 [RFC PATCH RESEND] vfs: Move security_inode_killpriv() after permission checks",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=linux-kernel\u0026m=142153722930533\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770492"
          },
          {
            "name": "[oss-security] 20150124 Re: CVE Request: Linux kernel - Denial of service in notify_change for xattrs.",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/01/24/5"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-01-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-02-01T10:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1185139"
        },
        {
          "name": "76075",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/76075"
        },
        {
          "name": "[linux-kernel] 20150117 [RFC PATCH RESEND] vfs: Move security_inode_killpriv() after permission checks",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=linux-kernel\u0026m=142153722930533\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770492"
        },
        {
          "name": "[oss-security] 20150124 Re: CVE Request: Linux kernel - Denial of service in notify_change for xattrs.",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/01/24/5"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-1350",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1185139",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1185139"
            },
            {
              "name": "76075",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/76075"
            },
            {
              "name": "[linux-kernel] 20150117 [RFC PATCH RESEND] vfs: Move security_inode_killpriv() after permission checks",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=linux-kernel\u0026m=142153722930533\u0026w=2"
            },
            {
              "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770492",
              "refsource": "MISC",
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770492"
            },
            {
              "name": "[oss-security] 20150124 Re: CVE Request: Linux kernel - Denial of service in notify_change for xattrs.",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/01/24/5"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-1350",
    "datePublished": "2016-05-02T10:00:00",
    "dateReserved": "2015-01-24T00:00:00",
    "dateUpdated": "2024-08-06T04:40:18.594Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted