ArchLinuxASA-201706-35[ASA-201706-35] libnl: privilege escalation
7.6 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
7 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
58.7%
Arch Linux Security Advisory ASA-201706-35
Severity: Medium
Date : 2017-06-28
CVE-ID : CVE-2017-0553
Package : libnl
Type : privilege escalation
Remote : No
Link : https://security.archlinux.org/AVG-292
Summary
The package libnl before version 3.3.0-1 is vulnerable to privilege
escalation.
Resolution
Upgrade to 3.3.0-1.
pacman -Syu βlibnl>=3.3.0-1β
The problem has been fixed upstream in version 3.3.0.
Workaround
None.
Description
An integer overflow vulnerability has been found in the nlmsg_reserve()
function of libnl < 3.3.0, allowing local privilege escalation.
Impact
A local attacker is able to escalate privileges.
References
http://git.infradead.org/users/tgr/libnl.git/commitdiff/3e18948f17148e6a3c4255bdeaaf01ef6081ceeb?hp=3dd2a0f26fa59896b4b4a262cf309a4be4aa70d3
https://security.archlinux.org/CVE-2017-0553
Related
7.6 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
7 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
58.7%