4.7 - CVE-2017-2616

Executive Summary

Informations
Name	CVE-2017-2616	First vendor Publication	2018-07-27
Vendor	Cve	Last vendor Modification	2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Overall CVSS Score	4.7
Base Score	4.7	Environmental Score	4.7
impact SubScore	3.6	Temporal Score	4.7
Exploitabality Sub Score	1

Attack Vector	Local	Attack Complexity	High
Privileges Required	Low	User Interaction	None
Scope	Unchanged	Confidentiality Impact	None
Integrity Impact	None	Availability Impact	High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:N/I:N/A:C)
Cvss Base Score	4.7	Attack Range	Local
Cvss Impact Score	6.9	Attack Complexity	Medium
Cvss Expoit Score	3.4	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2616

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-362	Race Condition

CPE : Common Platform Enumeration

Type	Description	Count
Application	Util-Linux Project Util-Linux cpe:2.3:a:util-linux_project:util-linux::::::::	1
Os	Debian Debian Linux cpe:2.3:o:debian:debian_linux:8.0:::::::*	1
Os	Redhat Enterprise Linux Desktop cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::* cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*	2
Os	Redhat Enterprise Linux Server cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::* cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*	2
Os	Redhat Enterprise Linux Server Aus cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*	2
Os	Redhat Enterprise Linux Server Eus cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::* cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::* cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*	3
Os	Redhat Enterprise Linux Workstation cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::* cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*	2

Nessus® Vulnerability Scanner

Date	Description
2017-07-13	Name : The remote Virtuozzo host is missing a security update. File : Virtuozzo_VZLSA-2017-0907.nasl - Type : ACT_GATHER_INFO
2017-06-06	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201706-02.nasl - Type : ACT_GATHER_INFO
2017-05-17	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-3276-2.nasl - Type : ACT_GATHER_INFO
2017-05-05	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-3276-1.nasl - Type : ACT_GATHER_INFO
2017-05-03	Name : The remote EulerOS host is missing a security update. File : EulerOS_SA-2017-1084.nasl - Type : ACT_GATHER_INFO
2017-05-03	Name : The remote EulerOS host is missing a security update. File : EulerOS_SA-2017-1083.nasl - Type : ACT_GATHER_INFO
2017-04-28	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2017-823.nasl - Type : ACT_GATHER_INFO
2017-04-14	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2017-0907.nasl - Type : ACT_GATHER_INFO
2017-04-13	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20170412_util_linux_on_SL7_x.nasl - Type : ACT_GATHER_INFO
2017-04-13	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2017-0907.nasl - Type : ACT_GATHER_INFO
2017-04-13	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2017-0907.nasl - Type : ACT_GATHER_INFO
2017-04-06	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20170321_coreutils_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2017-03-30	Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2017-0052.nasl - Type : ACT_GATHER_INFO
2017-03-30	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2017-0654.nasl - Type : ACT_GATHER_INFO
2017-03-27	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2017-0654.nasl - Type : ACT_GATHER_INFO
2017-03-22	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2017-0654.nasl - Type : ACT_GATHER_INFO
2017-03-07	Name : The remote openSUSE host is missing a security update. File : openSUSE-2017-306.nasl - Type : ACT_GATHER_INFO
2017-03-07	Name : The remote openSUSE host is missing a security update. File : openSUSE-2017-305.nasl - Type : ACT_GATHER_INFO
2017-03-02	Name : The remote Fedora host is missing a security update. File : fedora_2017-b11b460865.nasl - Type : ACT_GATHER_INFO
2017-03-01	Name : The remote Fedora host is missing a security update. File : fedora_2017-20710607f5.nasl - Type : ACT_GATHER_INFO
2017-02-27	Name : The remote Debian host is missing a security-related update. File : debian_DSA-3793.nasl - Type : ACT_GATHER_INFO
2017-02-27	Name : The remote Debian host is missing a security update. File : debian_DLA-838.nasl - Type : ACT_GATHER_INFO
2017-02-24	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2017-0553-1.nasl - Type : ACT_GATHER_INFO
2017-02-24	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2017-0555-1.nasl - Type : ACT_GATHER_INFO
2017-02-24	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2017-0554-1.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

http://rhn.redhat.com/errata/RHSA-2017-0654.html
http://www.securityfocus.com/bid/96404
http://www.securitytracker.com/id/1038271
https://access.redhat.com/errata/RHSA-2017:0907
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2616
https://github.com/karelzak/util-linux/commit/dffab154d29a288aa171ff50263ecc8...
https://security.gentoo.org/glsa/201706-02
https://www.debian.org/security/2017/dsa-3793

Source	Url

Alert History

If you want to see full details history, please login or register.

Date	Informations
2024-11-28 13:05:59	Multiple Updates
2021-05-04 13:01:40	Multiple Updates
2021-04-22 02:15:15	Multiple Updates
2020-05-23 02:05:46	Multiple Updates
2020-05-23 00:59:51	Multiple Updates
2019-10-10 05:19:55	Multiple Updates
2019-01-05 12:08:00	Multiple Updates
2018-09-21 17:19:32	Multiple Updates
2018-07-29 09:19:25	Multiple Updates
2018-07-28 00:19:02	First insertion

Global Informations

Type	Count
CWE ID(s)	1
CPE ID(s)	13
Sources(s)	8
Nessus® Exploit(s)	25

	Related
4.7	RHSA-2017:0907
4.7	RHSA-2017:0654
4.7	GLSA-201706-02
4.7	DSA-3793
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 4 more Alert(s)

4.7 - CVE-2017-2616

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

CPE : Common Platform Enumeration

Nessus® Vulnerability Scanner

Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU