Уязвимость CVE-2017-6074: Информация

Описание

The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsockopt system call.

Важность: HIGH (7,8) Вектор: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2017-6074

Опубликовано: 19 февраля 2017 г.

Изменено: 10 февраля 2023 г.

Идентификатор типа ошибки: CWE-415

Исправленные пакеты

Имя пакета	Ветка	Исправлено в версии	Версия в репозитории	Errata ID	№ Задания	Состояние
kernel-image-elbrus-def	sisyphus_e2k	5.4.163-alt2.23.1	5.10.210-alt1.20.1	ALT-PU-2021-4495-1	-	Исправлено
kernel-image-std-debug	sisyphus	5.10.68-alt1	6.1.92-alt1	ALT-PU-2021-2870-1	285779	Исправлено
kernel-image-std-debug	p11	5.10.68-alt1	6.1.91-alt1	ALT-PU-2021-2870-1	285779	Исправлено
kernel-image-std-def	sisyphus	4.4.52-alt1	6.1.92-alt1	ALT-PU-2017-1216-1	178890	Исправлено
kernel-image-std-def	p10	5.10.69-alt1	5.10.218-alt1	ALT-PU-2021-2938-1	285964	Исправлено
kernel-image-std-def	p9	5.4.149-alt1	5.4.277-alt1	ALT-PU-2021-2923-1	285957	Исправлено
kernel-image-std-def	p8	4.4.52-alt0.M80P.2	4.9.337-alt0.M80P.1	ALT-PU-2017-1219-1	178894	Исправлено
kernel-image-std-def	c9f2	5.10.70-alt0.c9f.1	5.10.214-alt0.c9f.2	ALT-PU-2021-2984-1	286216	Исправлено
kernel-image-std-def	c7	4.4.93-alt0.M70C.1	4.4.277-alt0.M70C.1	ALT-PU-2017-2509-1	191210	Исправлено
kernel-image-std-def	p11	4.4.52-alt1	6.1.91-alt1	ALT-PU-2017-1216-1	178890	Исправлено
kernel-image-un-def	sisyphus	4.9.13-alt1	6.6.32-alt1	ALT-PU-2017-1215-1	178892	Исправлено
kernel-image-un-def	p10	4.9.13-alt1	6.1.90-alt1	ALT-PU-2017-1215-1	178892	Исправлено
kernel-image-un-def	p9	5.10.69-alt1	5.10.218-alt1	ALT-PU-2021-2919-1	285969	Исправлено
kernel-image-un-def	p8	4.9.13-alt0.M80P.1	4.19.310-alt0.M80P.1	ALT-PU-2017-1220-1	178899	Исправлено
kernel-image-un-def	c10f1	4.9.13-alt1	6.1.85-alt0.c10f.1	ALT-PU-2017-1215-1	178892	Исправлено
kernel-image-un-def	c7	4.4.57-alt0.M70C.2	4.9.277-alt0.M70C.1	ALT-PU-2017-1366-1	180888	Исправлено
kernel-image-un-def	p11	4.9.13-alt1	6.6.31-alt1	ALT-PU-2017-1215-1	178892	Исправлено
usbip	sisyphus	5.10-alt1	5.10-alt1	ALT-PU-2023-1798-1	320453	Исправлено
usbip	sisyphus_e2k	5.10-alt1	5.10-alt1	ALT-PU-2023-7452-1	-	Исправлено
usbip	p10	5.10-alt1	5.10-alt1	ALT-PU-2023-1903-1	320461	Исправлено
usbip	p10_e2k	5.10-alt1	5.10-alt1	ALT-PU-2023-7498-1	-	Исправлено
usbip	p11	5.10-alt1	5.10-alt1	ALT-PU-2023-1798-1	320453	Исправлено

Ссылки на рекомендации, решения и инструменты

Ссылка	Ресурс
https://github.com/torvalds/linux/commit/5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4	Issue Tracking Patch Third Party Advisory
[oss-security] 20170222 Linux kernel: CVE-2017-6074: DCCP double-free vulnerability (local root)	Mailing List Third Party Advisory
96310	Third Party Advisory VDB Entry
https://source.android.com/security/bulletin/2017-07-01	Third Party Advisory
1037876	Third Party Advisory VDB Entry
41458	Third Party Advisory VDB Entry
41457	Third Party Advisory VDB Entry
https://www.tenable.com/security/tns-2017-07	Third Party Advisory
DSA-3791	Third Party Advisory
RHSA-2017:1209	Third Party Advisory
RHSA-2017:0932	Third Party Advisory
RHSA-2017:0501	Third Party Advisory
RHSA-2017:0403	Third Party Advisory
RHSA-2017:0366	Third Party Advisory
RHSA-2017:0365	Third Party Advisory
RHSA-2017:0347	Third Party Advisory
RHSA-2017:0346	Third Party Advisory
RHSA-2017:0345	Third Party Advisory
RHSA-2017:0324	Third Party Advisory
RHSA-2017:0323	Third Party Advisory
RHSA-2017:0316	Third Party Advisory
RHSA-2017:0295	Third Party Advisory
RHSA-2017:0294	Third Party Advisory
RHSA-2017:0293	Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html	Patch Third Party Advisory

Подверженные конфигурации:
1. Конфигурация 1
  cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
  Start including
  3.17
  End excliding
  3.18.49
  cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
  Start including
  3.11
  End excliding
  3.12.71
  cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
  Start including
  3.13
  End excliding
  3.16.41
  cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
  Start including
  3.19
  End excliding
  4.1.41
  cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
  Start including
  3.3
  End excliding
  3.10.106
  cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
  End excliding
  3.2.86
  cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
  Start including
  4.2
  End excliding
  4.4.52
  cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
  Start including
  4.5
  End excliding
  4.9.13
  
  Конфигурация 2
  cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Версия: v24.5.3

Наверх

Уязвимость CVE-2017-6074: Информация

Описание

Исправленные пакеты

Ссылки на рекомендации, решения и инструменты

Конфигурация 1

Конфигурация 2