製品・ソフトウェアに関する情報

JVN脆弱性詳細

Linux Kernel における整数オーバーフローの脆弱性

Title	Linux Kernel における整数オーバーフローの脆弱性
Summary	Linux Kernel には、整数オーバーフローの脆弱性が存在します。
Possible impacts	情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	June 15, 2017, midnight
Registration Date	Nov. 5, 2018, 6:12 p.m.
Last Update	Nov. 5, 2018, 6:12 p.m.

Affected System

レッドハット

Red Hat Enterprise MRG

Debian

Debian GNU/Linux

Linux

Linux Kernel 4.12 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2017-7482	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7482
National Vulnerability Database (NVD)
2	CVE-2017-7482	https://nvd.nist.gov/vuln/detail/CVE-2017-7482
関連文書
3	CVE-2017-7482 Linux kernel: krb5 ticket decode len check.	https://seclists.org/oss-sec/2017/q2/602

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-190	https://cwe.mitre.org/data/definitions/190.html

ベンダー情報

No	Name	URL
Debian Security Advisory
1	DSA-3927	https://www.debian.org/security/2017/dsa-3927
2	DSA-3945	https://www.debian.org/security/2017/dsa-3945
Linux Kernel
3	Linux Kernel Archives	http://www.kernel.org
Linux kernel source tree
4	rxrpc: Fix several cases where a padded len isn't checked in ticket decode	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5f2f97656ada8d811d3c1bef503ced266fcd53a0
Red Hat Bugzilla
5	Bug 1446288	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7482

Change Log

No	Changed Details	Date of change
1	[2018年11月05日] 掲載	Nov. 5, 2018, 6:12 p.m.

NVD Vulnerability Information

CVE-2017-7482

Summary	In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field. This could lead to the size-remaining variable wrapping and the data pointer going over the end of the buffer. This could possibly lead to memory corruption and possible privilege escalation.
Publication Date	July 30, 2018, 11:29 p.m.
Registration Date	Jan. 26, 2021, 1:28 p.m.
Last Update	Nov. 21, 2024, 12:31 p.m.

Affected software configurations

Related information, measures and tools

No	URL	タグ
1	http://seclists.org/oss-sec/2017/q2/602	Mailing List Patch Third Party Advisory
2	http://seclists.org/oss-sec/2017/q2/602	Mailing List Patch Third Party Advisory
3	http://www.securityfocus.com/bid/99299	Third Party Advisory VDB Entry
4	http://www.securityfocus.com/bid/99299	Third Party Advisory VDB Entry
5	http://www.securitytracker.com/id/1038787	Third Party Advisory VDB Entry
6	http://www.securitytracker.com/id/1038787	Third Party Advisory VDB Entry
7	https://access.redhat.com/errata/RHSA-2019:0641	Third Party Advisory
8	https://access.redhat.com/errata/RHSA-2019:0641	Third Party Advisory
9	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7482	Issue Tracking Patch Third Party Advisory
10	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7482	Issue Tracking Patch Third Party Advisory
11	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5f2f97656ada8d811d3c1bef503ced266fcd53a0	Patch Vendor Advisory
12	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5f2f97656ada8d811d3c1bef503ced266fcd53a0	Patch Vendor Advisory
13	https://www.debian.org/security/2017/dsa-3927	Third Party Advisory
14	https://www.debian.org/security/2017/dsa-3927	Third Party Advisory
15	https://www.debian.org/security/2017/dsa-3945	Third Party Advisory
16	https://www.debian.org/security/2017/dsa-3945	Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-190	整数オーバーフローまたはラップアラウンド	https://cwe.mitre.org/data/definitions/190.html