CVE-2017-6074
CVE-2017-6074
The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsockopt system call.
Affected products
n/a · n/apublic PoCs found — 6
githubgithub.com/BimsaraMalinda/Linux-Kernel-4.4.0-Ubuntu---DCCP-Double-Free-Privilege-Escalation-CVE-2017-6074★ 1githubgithub.com/34zY/CVE-2017-6074-DOS★ 0cve_referencewww.exploit-db.com/exploits/41457/unverifiedcve_referencewww.exploit-db.com/exploits/41458/unverifiedexploitdbwww.exploit-db.com/exploits/41457unverifiedexploitdbwww.exploit-db.com/exploits/41458unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://rhn.redhat.com/errata/RHSA-2017-0293.htmlhttp://rhn.redhat.com/errata/RHSA-2017-0294.htmlhttp://rhn.redhat.com/errata/RHSA-2017-0295.htmlhttp://rhn.redhat.com/errata/RHSA-2017-0316.htmlhttp://rhn.redhat.com/errata/RHSA-2017-0323.htmlhttp://rhn.redhat.com/errata/RHSA-2017-0324.htmlhttp://rhn.redhat.com/errata/RHSA-2017-0345.htmlhttp://rhn.redhat.com/errata/RHSA-2017-0346.htmlhttp://rhn.redhat.com/errata/RHSA-2017-0347.htmlhttp://rhn.redhat.com/errata/RHSA-2017-0365.htmlhttp://rhn.redhat.com/errata/RHSA-2017-0366.htmlhttp://rhn.redhat.com/errata/RHSA-2017-0403.html