BDU:2017-00758

Scores

EPSS

0.000none0.0%

0%20%40%60%80%100%

Percentile: 0.0%

CVSS

7.0high3.x

0246810

CVSS Score: 7.0/10

All CVSS Scores

CVSS 3.x

7.0

Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0

7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Description

Уязвимость компонента mm/gup.c ядра операционной системы Linux существует из-за недостаточной проверки состояния ресурса при возможности его совместного использования. Эксплуатация уязвимости может позволить нарушителю, действующему локально, повысить свои привилегии путем некорректного использования функции копирования при записи (COW) для записи данных в области памяти, предназначенных только для чтения

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.

Learn more about Scaner-VS 7

Sources

bdu

Related Vulnerabilities

CVE-2016-5195

Exploits

Exploit ID: 40611

Source: exploitdb

URL: https://www.exploit-db.com/exploits/40611

Exploit ID: 40616

Source: exploitdb

URL: https://www.exploit-db.com/exploits/40616

Exploit ID: 40838

Source: exploitdb

URL: https://www.exploit-db.com/exploits/40838

Exploit ID: 40839

Source: exploitdb

URL: https://www.exploit-db.com/exploits/40839

Exploit ID: 40847

Source: exploitdb

URL: https://www.exploit-db.com/exploits/40847

Reference Links

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5195

https://www.kb.cert.org/vuls/id/243144

http://www.securityfocus.com/bid/93793

http://fortiguard.com/advisory/FG-IR-16-063

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10770

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10774

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10807

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00034.html

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00035.html

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00036.html

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00038.html

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00039.html

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00040.html

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00045.html

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00048.html

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00049.html

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00050.html

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00051.html

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00052.html

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00053.html

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00054.html

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00055.html

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00056.html

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00057.html

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00058.html

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00063.html

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00064.html

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00065.html

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00066.html

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00067.html

http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00072.html

http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00033.html

http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00100.html

http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html

http://packetstormsecurity.com/files/139277/Kernel-Live-Patch-Security-Notice-LSN-0012-1.html

http://packetstormsecurity.com/files/139286/DirtyCow-Linux-Kernel-Race-Condition.html

http://packetstormsecurity.com/files/139287/DirtyCow-Local-Root-Proof-Of-Concept.html

http://packetstormsecurity.com/files/139922/Linux-Kernel-Dirty-COW-PTRACE_POKEDATA-Privilege-Escalation.html

http://packetstormsecurity.com/files/139923/Linux-Kernel-Dirty-COW-PTRACE_POKEDATA-Privilege-Escalation.html

http://packetstormsecurity.com/files/142151/Kernel-Live-Patch-Security-Notice-LSN-0021-1.html

http://rhn.redhat.com/errata/RHSA-2016-2098.html

http://rhn.redhat.com/errata/RHSA-2016-2105.html

http://rhn.redhat.com/errata/RHSA-2016-2106.html

http://rhn.redhat.com/errata/RHSA-2016-2107.html

http://rhn.redhat.com/errata/RHSA-2016-2110.html

http://rhn.redhat.com/errata/RHSA-2016-2118.html

http://rhn.redhat.com/errata/RHSA-2016-2120.html

http://rhn.redhat.com/errata/RHSA-2016-2124.html

http://rhn.redhat.com/errata/RHSA-2016-2126.html

http://rhn.redhat.com/errata/RHSA-2016-2127.html

http://rhn.redhat.com/errata/RHSA-2016-2128.html

http://rhn.redhat.com/errata/RHSA-2016-2132.html

http://rhn.redhat.com/errata/RHSA-2016-2133.html

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-linux

http://www.debian.org/security/2016/dsa-3696

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161207-01-dirtycow-en

http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.3

http://www.openwall.com/lists/oss-security/2016/10/21/1

http://www.openwall.com/lists/oss-security/2016/10/26/7

http://www.openwall.com/lists/oss-security/2016/10/27/13

http://www.openwall.com/lists/oss-security/2016/10/30/1

http://www.openwall.com/lists/oss-security/2016/11/03/7

http://www.openwall.com/lists/oss-security/2022/03/07/1

http://www.openwall.com/lists/oss-security/2022/08/08/1

http://www.openwall.com/lists/oss-security/2022/08/08/2

http://www.openwall.com/lists/oss-security/2022/08/08/7

http://www.openwall.com/lists/oss-security/2022/08/08/8

http://www.openwall.com/lists/oss-security/2022/08/09/4

http://www.openwall.com/lists/oss-security/2022/08/15/1

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

http://www.securityfocus.com/archive/1/539611/100/0/threaded

http://www.securityfocus.com/archive/1/540252/100/0/threaded

http://www.securityfocus.com/archive/1/540344/100/0/threaded

http://www.securityfocus.com/archive/1/540736/100/0/threaded

http://www.securityfocus.com/archive/1/archive/1/539611/100/0/threaded

http://www.securityfocus.com/archive/1/archive/1/540252/100/0/threaded

http://www.securityfocus.com/archive/1/archive/1/540344/100/0/threaded

http://www.securityfocus.com/archive/1/archive/1/540736/100/0/threaded

http://www.securityfocus.com/bid/93793

http://www.securitytracker.com/id/1037078

http://www.ubuntu.com/usn/USN-3104-1

http://www.ubuntu.com/usn/USN-3104-2

http://www.ubuntu.com/usn/USN-3105-1

http://www.ubuntu.com/usn/USN-3105-2

http://www.ubuntu.com/usn/USN-3106-1

http://www.ubuntu.com/usn/USN-3106-2

http://www.ubuntu.com/usn/USN-3106-3

http://www.ubuntu.com/usn/USN-3106-4

http://www.ubuntu.com/usn/USN-3107-1

http://www.ubuntu.com/usn/USN-3107-2

https://access.redhat.com/errata/RHSA-2017:0372

https://access.redhat.com/security/cve/cve-2016-5195

https://access.redhat.com/security/vulnerabilities/2706661

https://bto.bluecoat.com/security-advisory/sa134

https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1633547

https://bugzilla.redhat.com/show_bug.cgi?id=1384344

https://bugzilla.suse.com/show_bug.cgi?id=1004418

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5195

https://dirtycow.ninja

https://github.com/dirtycow/dirtycow.github.io/wiki/PoCs

https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails

https://github.com/torvalds/linux/commit/19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05352241

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03707en_us

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03722en_us

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03742en_us

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03761en_us

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05341463

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05347541

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05352241

https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes

https://kc.mcafee.com/corporate/index?page=content&id=SB10176

https://kc.mcafee.com/corporate/index?page=content&id=SB10177

https://kc.mcafee.com/corporate/index?page=content&id=SB10222

https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.35

https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.26

https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.9

https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.3

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E7M62SRP6CZLJ4ZXCRZKV4WPLQBSR7DT/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NWMDLBWMGZKFHMRJ7QUQVCERP5QHDB6W/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3APRVDVPDBXLH4DC5UKZVCR742MJIM3/

https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5195.html

https://security.netapp.com/advisory/ntap-20161025-0001/

https://security.paloaltonetworks.com/CVE-2016-5195

https://security-tracker.debian.org/tracker/CVE-2016-5195

https://source.android.com/security/bulletin/2016-11-01.html

https://source.android.com/security/bulletin/2016-12-01.html

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-vcsd

https://ubuntu.com/security/notices/USN-3104-1

https://ubuntu.com/security/notices/USN-3104-2

https://ubuntu.com/security/notices/USN-3105-1

https://ubuntu.com/security/notices/USN-3105-2

https://ubuntu.com/security/notices/USN-3106-1

https://ubuntu.com/security/notices/USN-3106-2

https://ubuntu.com/security/notices/USN-3106-3

https://ubuntu.com/security/notices/USN-3106-4

https://ubuntu.com/security/notices/USN-3107-1

https://ubuntu.com/security/notices/USN-3107-2

https://usn.ubuntu.com/usn/usn-3104-1

https://usn.ubuntu.com/usn/usn-3104-2

https://usn.ubuntu.com/usn/usn-3105-1

https://usn.ubuntu.com/usn/usn-3105-2

https://usn.ubuntu.com/usn/usn-3106-1

https://usn.ubuntu.com/usn/usn-3106-2

https://usn.ubuntu.com/usn/usn-3106-3

https://usn.ubuntu.com/usn/usn-3106-4

https://usn.ubuntu.com/usn/usn-3107-1

https://usn.ubuntu.com/usn/usn-3107-2

https://wiki.astralinux.ru/astra-linux-se15-bulletin-20201201SE15

https://www.arista.com/en/support/advisories-notices/security-advisories/1753-security-advisory-0026

https://www.cve.org/CVERecord?id=CVE-2016-5195

https://www.exploit-db.com/exploits/40611/

https://www.exploit-db.com/exploits/40616/

https://www.exploit-db.com/exploits/40839/

https://www.exploit-db.com/exploits/40847/

https://www.kb.cert.org/vuls/id/243144

Recommendations

Source: bdu

Использование рекомендаций:

Для Linux:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.35
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.26
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.9
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.3

Для Debian:
Обновление программного обеспечения (пакета linux) до 4.8.3 или более поздней версии

Для Astra Linux:
Обновление программного обеспечения (пакета linux) до 4.8.3 или более поздней версии

Для ОС Синергия:
Включение механизма управления доступом SELinux в режиме Enforcing

URL: https://bdu.fstec.ru/vul/2017-00758

Vulnerable Software (24)

Type: Configuration

Vendor: сообщество свободного программного обеспечения

Product: linux_kernel

Operating System: astra 1.5

Trait:

{  "version_end_including": "4.4.25",  "version_start_including": "4.2"}

Source: bdu

Type: Configuration

Vendor: сообщество свободного программного обеспечения

Product: linux_kernel

Operating System: astra 1.5

Trait:

{  "version_end_including": "4.7.8",  "version_start_including": "4.5"}

Source: bdu

Type: Configuration

Vendor: сообщество свободного программного обеспечения

Product: linux_kernel

Operating System: astra 1.5

Trait:

{  "version_end_including": "4.1.34",  "version_start_including": "2.6.16"}

Source: bdu

Type: Configuration

Vendor: сообщество свободного программного обеспечения

Product: linux_kernel

Operating System: astra 1.5

Trait:

{  "version_end_including": "4.8.2",  "version_start_including": "4.8"}

Source: bdu

Type: Configuration

Vendor: сообщество свободного программного обеспечения

Product: linux_kernel

Operating System: linux *

Trait:

{  "version_end_including": "4.4.25",  "version_start_including": "4.2"}

Source: bdu

Type: Configuration

Vendor: сообщество свободного программного обеспечения

Product: linux_kernel

Operating System: linux *

Trait:

{  "version_end_including": "4.7.8",  "version_start_including": "4.5"}

Source: bdu

Type: Configuration

Vendor: сообщество свободного программного обеспечения

Product: linux_kernel

Operating System: linux *

Trait:

{  "version_end_including": "4.1.34",  "version_start_including": "2.6.16"}

Source: bdu

Type: Configuration

Vendor: сообщество свободного программного обеспечения

Product: linux_kernel

Operating System: linux *

Trait:

{  "version_end_including": "4.8.2",  "version_start_including": "4.8"}

Source: bdu

Type: Configuration

Vendor: сообщество свободного программного обеспечения

Product: linux_kernel

Operating System: debian gnu/linux 9

Trait:

{  "version_end_including": "4.4.25",  "version_start_including": "4.2"}

Source: bdu

Type: Configuration

Vendor: сообщество свободного программного обеспечения

Product: linux_kernel

Operating System: debian gnu/linux 9

Trait:

{  "version_end_including": "4.7.8",  "version_start_including": "4.5"}

Source: bdu

Type: Configuration

Vendor: сообщество свободного программного обеспечения

Product: linux_kernel

Operating System: debian gnu/linux 9

Trait:

{  "version_end_including": "4.1.34",  "version_start_including": "2.6.16"}

Source: bdu

Type: Configuration

Vendor: сообщество свободного программного обеспечения

Product: linux_kernel

Operating System: debian gnu/linux 9

Trait:

{  "version_end_including": "4.8.2",  "version_start_including": "4.8"}

Source: bdu

Type: Configuration

Vendor: сообщество свободного программного обеспечения

Product: linux_kernel

Operating System: debian gnu/linux 8

Trait:

{  "version_end_including": "4.4.25",  "version_start_including": "4.2"}

Source: bdu

Type: Configuration

Vendor: сообщество свободного программного обеспечения

Product: linux_kernel

Operating System: debian gnu/linux 8

Trait:

{  "version_end_including": "4.7.8",  "version_start_including": "4.5"}

Source: bdu

Type: Configuration

Vendor: сообщество свободного программного обеспечения

Product: linux_kernel

Operating System: debian gnu/linux 8

Trait:

{  "version_end_including": "4.1.34",  "version_start_including": "2.6.16"}

Source: bdu

Type: Configuration

Vendor: сообщество свободного программного обеспечения

Product: linux_kernel

Operating System: debian gnu/linux 8

Trait:

{  "version_end_including": "4.8.2",  "version_start_including": "4.8"}

Source: bdu

Type: Configuration

Vendor: сообщество свободного программного обеспечения

Product: linux_kernel

Operating System: debian gnu/linux 10

Trait:

{  "version_end_including": "4.4.25",  "version_start_including": "4.2"}

Source: bdu

Type: Configuration

Vendor: сообщество свободного программного обеспечения

Product: linux_kernel

Operating System: debian gnu/linux 10

Trait:

{  "version_end_including": "4.7.8",  "version_start_including": "4.5"}

Source: bdu

Type: Configuration

Vendor: сообщество свободного программного обеспечения

Product: linux_kernel

Operating System: debian gnu/linux 10

Trait:

{  "version_end_including": "4.1.34",  "version_start_including": "2.6.16"}

Source: bdu

Type: Configuration

Vendor: сообщество свободного программного обеспечения

Product: linux_kernel

Operating System: debian gnu/linux 10

Trait:

{  "version_end_including": "4.8.2",  "version_start_including": "4.8"}

Source: bdu

Russian Vulnerability Scanner Database

BDU:2017-00758

Scores

EPSS

CVSS

All CVSS Scores

Vector Breakdown

CVSS

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact

Vector Breakdown

CVSS

Attack Vector

Attack Complexity

Authentication

Confidentiality Impact

Integrity Impact

Availability Impact

Description

Scaner-VS 7 — a modern vulnerability management solution

Sources

Related Vulnerabilities

Exploits

Reference Links

Recommendations

Vulnerable Software (24)