Diffstat (limited to 'doc/book-enea-linux-security-report')
-rw-r--r--  doc/book-enea-linux-security-report  44
1 files changed, 24 insertions, 20 deletions
diff --git a/doc/book-enea-linux-security-report b/doc/book-enea-linux-security-report
index d1d4bdb..72a8f34 100644
--- a/doc/book-enea-linux-security-report
+++ b/doc/book-enea-linux-security-report
@@ -1,14 +1,32 @@ | |||
1 | CVE-i2017-1000380 | ||
2 | Package: kernel | ||
3 | Score: 2.1 (Low) | ||
4 | Description: sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed when a read and an ioctl happen at the same time. | ||
5 | Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1000380 | ||
6 | |||
1 | CVE-2017-1000253 | 7 | CVE-2017-1000253 |
2 | Package: kernel | 8 | Package: kernel |
3 | Score: 8.0 (High) | 9 | Score: 8.0 (High) |
4 | Description: A flaw was found in the way the Linux kernel loaded ELF executables. Provided that an application was built as Position Independent Executable (PIE), the loader could allow part of that application's data segment to map over the memory area reserved for its stack, potentially resulting in memory corruption. An unprivileged local user with access to SUID (or otherwise privileged) PIE binary could use this flaw to escalate their privileges on the system.Upstream patch:https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 | 10 | Description: A flaw was found in the way the Linux kernel loaded ELF executables. Provided that an application was built as Position Independent Executable (PIE), the loader could allow part of that application's data segment to map over the memory area reserved for its stack, potentially resulting in memory corruption. An unprivileged local user with access to SUID (or otherwise privileged) PIE binary could use this flaw to escalate their privileges on the system.Upstream patch:https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 |
5 | Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name= CVE-2017-1000253 | 11 | Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name= CVE-2017-1000253 |
6 | 12 | ||
7 | CVE-1000380 | 13 | CVE-2017-1000250 |
8 | Package: kernel | 14 | Package: bluez5 |
9 | Score: 2.1 (Low) | 15 | Score: 3.3 (Minor) |
10 | Description: sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed when a read and an ioctl happen at the same time. | 16 | Description: All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd process memory. This vulnerability lies in the processing of SDP search attribute requests. |
11 | Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1000380 | 17 | Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000250 |
18 | |||
19 | CVE-2017-13081 | ||
20 | Package: linux-firmware | ||
21 | Score: 2.9 (Minor) | ||
22 | Description: Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients. | ||
23 | Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13081 | ||
24 | |||
25 | CVE-2017-13080 | ||
26 | Package: linux-firmware | ||
27 | Score: 2.9 (Minor) | ||
28 | Description: Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients. | ||
29 | Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13080 | ||
12 | 30 | ||
13 | CVE-2017-9955 | 31 | CVE-2017-9955 |
14 | Package: GNU Binutils | 32 | Package: GNU Binutils |
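Review bot: the entry added at new lines 1-6 carries a typo in its identifier, "CVE-i2017-1000380" at line 1, and its Ref at line 5 still reads `name=CVE-1000380`, which is not a valid CVE ID (the year component is missing) and will not resolve; both should be CVE-2017-1000380, matching the ALSA timer race in the description. The same lookup problem is carried over unchanged at new line 11, where `name= CVE-2017-1000253` has a stray space before the ID, and line 10 runs "system.Upstream patch:https://..." together without separators. The severity labels within this hunk are also inconsistent: 2.1 is "Low" while 3.3 and 2.9 are "Minor"; settle on one word for the lowest band so the report can be filtered by label.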
@@ -1034,18 +1052,4 @@ CVE-2014-9365 | |||
1034 | Package: python | 1052 | Package: python |
1035 | Score: 5.8 (Medium) | 1053 | Score: 5.8 (Medium) |
1036 | Description: The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the certificate against a trust store or verify that the server hostname matches a domain name in the subject's (b) Common Name or (c) subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 1054 | Description: The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the certificate against a trust store or verify that the server hostname matches a domain name in the subject's (b) Common Name or (c) subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. |
1037 | Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9365 | 1055 | Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9365 |
1038 | |||
1039 | CVE-1000380 | ||
1040 | Package: kernel | ||
1041 | Score: 2.1 (Low) | ||
1042 | Description: sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed when a read and an ioctl happen at the same time. | ||
1043 | Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1000380 | ||
1044 | |||
1045 | CVE-2017-1000253 | ||
1046 | Package: kernel | ||
1047 | Score: 8.0 (High) | ||
1048 | Description: A flaw was found in the way the Linux kernel loaded ELF executables. Provided that an application was built as Position Independent Executable (PIE), the loader could allow part of that application's data segment to map over the memory area reserved for its stack, potentially resulting in memory corruption. An unprivileged local user with access to SUID (or otherwise privileged) PIE binary could use this flaw to escalate their privileges on the system.Upstream patch:https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 | ||
1049 | Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name= CVE-2017-1000253 | ||
1050 | |||
1051 | |||
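Review bot: dropping old lines 1039-1049 is correct, since both blocks duplicate entries the first hunk keeps at the top of the file (the ALSA timer entry at new 1-6 and CVE-2017-1000253 at new 7-11), but the hunk also removes the two trailing blank lines at old 1050-1051, so the file now ends directly on the Ref: line of CVE-2014-9365; keep a trailing newline so the last entry is terminated the same way as every other entry in the report.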