Home > Vulnerability Database > CVE-2015-1350

Mend.io Vulnerability Database

CVE-2015-1350

Date: May 2, 2016

The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program.

Severity Score

5.5

Related Resources (10)

Url: http://www.openwall.com/lists/oss-security/2015/01/24/5

Url: https://access.redhat.com/security/cve/CVE-2015-1350

Url: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770492

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2015-1350

Url: https://security-tracker.debian.org/tracker/CVE-2015-1350

Url: https://nvd.nist.gov/vuln/detail/CVE-2015-1350

Url: http://www.securityfocus.com/bid/76075

Url: http://marc.info/?l=linux-kernel&m=142153722930533&w=2

Url: https://bugzilla.redhat.com/show_bug.cgi?id=1185139

Url: https://www.mend.io/vulnerability-database/CVE-2015-1350

Severity Score

5.5

Weakness Type (CWE)

Files or Directories Accessible to External Parties

CWE-552

CVSS v3.1

Base Score:	5.5
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

CVSS v2

Base Score:	2.1
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2015-1350

Date: May 2, 2016

Severity Score

Related Resources (10)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?