mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
182 lines
7.1 KiB
JSON
182 lines
7.1 KiB
JSON
{
|
|
"CVE_data_meta": {
|
|
"ASSIGNER": "security@debian.org",
|
|
"ID": "CVE-2015-8709",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "n/a",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "n/a"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name": "n/a"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"data_format": "MITRE",
|
|
"data_type": "CVE",
|
|
"data_version": "4.0",
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "** DISPUTED ** kernel/ptrace.c in the Linux kernel through 4.4.1 mishandles uid and gid mappings, which allows local users to gain privileges by establishing a user namespace, waiting for a root process to enter that namespace with an unsafe uid or gid, and then using the ptrace system call. NOTE: the vendor states \"there is no kernel bug here.\""
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "n/a"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"name": "SUSE-SU-2016:1038",
|
|
"refsource": "SUSE",
|
|
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00031.html"
|
|
},
|
|
{
|
|
"name": "SUSE-SU-2016:1033",
|
|
"refsource": "SUSE",
|
|
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00027.html"
|
|
},
|
|
{
|
|
"name": "SUSE-SU-2016:1034",
|
|
"refsource": "SUSE",
|
|
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00028.html"
|
|
},
|
|
{
|
|
"name": "[linux-kernel] 20151226 [PATCH] ptrace: being capable wrt a process requires mapped uids/gids",
|
|
"refsource": "MLIST",
|
|
"url": "https://lkml.org/lkml/2015/12/25/71"
|
|
},
|
|
{
|
|
"name": "SUSE-SU-2016:1035",
|
|
"refsource": "SUSE",
|
|
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00029.html"
|
|
},
|
|
{
|
|
"name": "[linux-kernel] 20160106 Re: [PATCH] ptrace: being capable wrt a process requires mapped uids/gids",
|
|
"refsource": "MLIST",
|
|
"url": "http://marc.info/?l=linux-kernel&m=145204641422813&w=2"
|
|
},
|
|
{
|
|
"name": "SUSE-SU-2016:1764",
|
|
"refsource": "SUSE",
|
|
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
|
|
},
|
|
{
|
|
"name": "SUSE-SU-2016:1031",
|
|
"refsource": "SUSE",
|
|
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00025.html"
|
|
},
|
|
{
|
|
"name": "SUSE-SU-2016:1019",
|
|
"refsource": "SUSE",
|
|
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html"
|
|
},
|
|
{
|
|
"name": "[oss-security] 20151231 Re: CVE Request: Linux kernel: privilege escalation in user namespaces",
|
|
"refsource": "MLIST",
|
|
"url": "http://www.openwall.com/lists/oss-security/2015/12/31/5"
|
|
},
|
|
{
|
|
"name": "[oss-security] 20151217 CVE Request: Linux kernel: privilege escalation in user namespaces",
|
|
"refsource": "MLIST",
|
|
"url": "http://www.openwall.com/lists/oss-security/2015/12/17/12"
|
|
},
|
|
{
|
|
"name": "SUSE-SU-2016:1037",
|
|
"refsource": "SUSE",
|
|
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00030.html"
|
|
},
|
|
{
|
|
"name": "SUSE-SU-2016:1045",
|
|
"refsource": "SUSE",
|
|
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00036.html"
|
|
},
|
|
{
|
|
"name": "[linux-kernel] 20160106 Re: [PATCH] ptrace: being capable wrt a process requires mapped uids/gids",
|
|
"refsource": "MLIST",
|
|
"url": "http://marc.info/?l=linux-kernel&m=145204362722256&w=2"
|
|
},
|
|
{
|
|
"name": "FEDORA-2016-5d43766e33",
|
|
"refsource": "FEDORA",
|
|
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html"
|
|
},
|
|
{
|
|
"name": "SUSE-SU-2016:1032",
|
|
"refsource": "SUSE",
|
|
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00026.html"
|
|
},
|
|
{
|
|
"name": "SUSE-SU-2016:1039",
|
|
"refsource": "SUSE",
|
|
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00032.html"
|
|
},
|
|
{
|
|
"name": "SUSE-SU-2016:1041",
|
|
"refsource": "SUSE",
|
|
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00034.html"
|
|
},
|
|
{
|
|
"name": "SUSE-SU-2016:1046",
|
|
"refsource": "SUSE",
|
|
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00037.html"
|
|
},
|
|
{
|
|
"name": "79899",
|
|
"refsource": "BID",
|
|
"url": "http://www.securityfocus.com/bid/79899"
|
|
},
|
|
{
|
|
"name": "1034899",
|
|
"refsource": "SECTRACK",
|
|
"url": "http://www.securitytracker.com/id/1034899"
|
|
},
|
|
{
|
|
"name": "openSUSE-SU-2016:1008",
|
|
"refsource": "SUSE",
|
|
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html"
|
|
},
|
|
{
|
|
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1295287",
|
|
"refsource": "CONFIRM",
|
|
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1295287"
|
|
},
|
|
{
|
|
"name": "DSA-3434",
|
|
"refsource": "DEBIAN",
|
|
"url": "http://www.debian.org/security/2016/dsa-3434"
|
|
},
|
|
{
|
|
"name": "SUSE-SU-2016:1040",
|
|
"refsource": "SUSE",
|
|
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00033.html"
|
|
}
|
|
]
|
|
}
|
|
} |