Executive Summary

Informations
NameCVE-2016-9604First vendor Publication2018-07-11
VendorCveLast vendor Modification2018-09-11

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:N/I:P/A:N)
Cvss Base Score2.1Attack RangeLocal
Cvss Impact Score2.9Attack ComplexityLow
Cvss Expoit Score3.9AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

It was discovered in the Linux kernel before 4.11-rc8 that root can gain direct access to an internal keyring, such as '.dns_resolver' in RHEL-7 or '.builtin_trusted_keys' upstream, by joining it as its session keyring. This allows root to bypass module signature verification by adding a new public key of its own devising to the keyring.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9604

CWE : Common Weakness Enumeration

%idName
100 %CWE-347Improper Verification of Cryptographic Signature

CPE : Common Platform Enumeration

TypeDescriptionCount
Os2729

Nessus® Vulnerability Scanner

DateDescription
2017-12-14Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2017-3659.nasl - Type : ACT_GATHER_INFO
2017-12-14Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2017-0174.nasl - Type : ACT_GATHER_INFO
2017-12-11Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2017-3657.nasl - Type : ACT_GATHER_INFO
2017-12-11Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2017-3658.nasl - Type : ACT_GATHER_INFO
2017-12-11Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2017-0173.nasl - Type : ACT_GATHER_INFO
2017-11-03Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2017-2920-1.nasl - Type : ACT_GATHER_INFO
2017-09-19Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-3422-1.nasl - Type : ACT_GATHER_INFO
2017-09-08Name : The remote EulerOS host is missing multiple security updates.
File : EulerOS_SA-2017-1159.nasl - Type : ACT_GATHER_INFO
2017-09-08Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2017-2669.nasl - Type : ACT_GATHER_INFO
2017-08-25Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2017-1842.nasl - Type : ACT_GATHER_INFO
2017-08-25Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2017-3609.nasl - Type : ACT_GATHER_INFO
2017-08-25Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2017-0145.nasl - Type : ACT_GATHER_INFO
2017-08-22Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20170801_kernel_on_SL7_x.nasl - Type : ACT_GATHER_INFO
2017-08-21Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2017-3606.nasl - Type : ACT_GATHER_INFO
2017-08-21Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2017-3607.nasl - Type : ACT_GATHER_INFO
2017-08-21Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2017-0144.nasl - Type : ACT_GATHER_INFO
2017-08-18Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2017-3605.nasl - Type : ACT_GATHER_INFO
2017-08-18Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2017-0143.nasl - Type : ACT_GATHER_INFO
2017-08-16Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2017-1842-1.nasl - Type : ACT_GATHER_INFO
2017-08-09Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2017-1842.nasl - Type : ACT_GATHER_INFO
2017-08-03Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2017-1842.nasl - Type : ACT_GATHER_INFO
2017-08-03Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2017-2077.nasl - Type : ACT_GATHER_INFO
2017-07-24Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-3361-1.nasl - Type : ACT_GATHER_INFO
2017-06-07Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-3312-1.nasl - Type : ACT_GATHER_INFO
2017-06-07Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-3312-2.nasl - Type : ACT_GATHER_INFO
2017-06-07Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-3314-1.nasl - Type : ACT_GATHER_INFO
2017-05-22Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2017-1360-1.nasl - Type : ACT_GATHER_INFO
2017-05-05Name : The remote Fedora host is missing a security update.
File : fedora_2017-0aa0f69e0c.nasl - Type : ACT_GATHER_INFO
2017-05-02Name : The remote Fedora host is missing a security update.
File : fedora_2017-17d1c05236.nasl - Type : ACT_GATHER_INFO
2017-05-01Name : The remote Debian host is missing a security update.
File : debian_DLA-922.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

SourceUrl
BID http://www.securityfocus.com/bid/102135
CONFIRM http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9604.html
https://bugzilla.novell.com/show_bug.cgi?id=1035576
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9604
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id...
REDHAT https://access.redhat.com/errata/RHSA-2017:1842
https://access.redhat.com/errata/RHSA-2017:2077
https://access.redhat.com/errata/RHSA-2017:2669

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
DateInformations
2018-11-17 12:07:11
  • Multiple Updates
2018-11-07 12:05:13
  • Multiple Updates
2018-10-30 12:09:38
  • Multiple Updates
2018-09-28 12:09:27
  • Multiple Updates
2018-09-11 17:19:44
  • Multiple Updates
2018-07-13 09:19:06
  • Multiple Updates
2018-07-11 21:19:28
  • First insertion