← voltar
CVE-2016-9604

CVE-2016-9604

CVSS 4.4 MEDIUMEPSS 0.3%CWE-732
It was discovered in the Linux kernel before 4.11-rc8 that root can gain direct access to an internal keyring, such as '.dns_resolver' in RHEL-7 or '.builtin_trusted_keys' upstream, by joining it as its session keyring. This allows root to bypass module signature verification by adding a new public key of its own devising to the keyring.
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Produtos afetados
kernel · security

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9604.htmlhttps://access.redhat.com/errata/RHSA-2017:1842https://access.redhat.com/errata/RHSA-2017:2077https://access.redhat.com/errata/RHSA-2017:2669https://bugzilla.novell.com/show_bug.cgi?id=1035576https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9604https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ee8f844e3c5a73b999edf733df1c529d6503ec2fhttp://www.securityfocus.com/bid/102135