← volver
CVE-2016-0728

CVE-2016-0728

EPSS 3.6%
The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.
Productos afectados
n/a · n/a
PoCs públicas encontradas14
githubgithub.com/nardholio/cve-2016-072822githubgithub.com/bittorrent3389/cve-2016-07287githubgithub.com/neuschaefer/cve-2016-0728-testbed5githubgithub.com/kennetham/cve_2016_07283githubgithub.com/sugarvillela/CVE1githubgithub.com/idl3r/cve-2016-07281githubgithub.com/th30d00r/Linux-Vulnerability-CVE-2016-0728-and-Exploit0githubgithub.com/googleweb/CVE-2016-07280githubgithub.com/sibilleg/exploit_cve-2016-07280githubgithub.com/hal0taso/CVE-2016-07280githubgithub.com/sidrk01/cve-2016-07280exploitdbwww.exploit-db.com/exploits/40003no verificadoexploitdbwww.exploit-db.com/exploits/39277no verificadocve_referencewww.exploit-db.com/exploits/39277/no verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=23567fd052a9abb6d67fe8e7a9ccdd9800a540f2http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2016-January/176194.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-01/msg00026.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-02/msg00012.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00033.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00034.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00035.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00038.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00039.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00040.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00041.html