CVE-2017-17807
kernel: Missing permissions check for request_key() destination allows local attackers to add keys to keyring without Write permission
Descriptions
The KEYS subsystem in the Linux kernel before 4.14.6 omitted an access-control check when adding a key to the current task's "default request-key keyring" via the request_key() system call, allowing a local user to use a sequence of crafted system calls to add keys to a keyring with only Search permission (not Write permission) to that keyring, related to construct_get_dest_keyring() in security/keys/request_key.c.
The KEYS subsystem in the Linux kernel omitted an access-control check when writing a key to the current task's default keyring, allowing a local user to bypass security checks to the keyring. This compromises the validity of the keyring for those who rely on it.
Timeline
- 2017-04-03 CVE Published
- 2017-12-20 CVE Reserved
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
CWE
- CWE-862: Missing Authorization
References (17)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/102301 | Third Party Advisory | |
https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html | Mailing List | |
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.6 | Issue Tracking |
URL | Date | SRC |
---|---|---|
https://usn.ubuntu.com/3617-1 | 2019-10-03 | |
https://usn.ubuntu.com/3617-2 | 2019-10-03 | |
https://usn.ubuntu.com/3617-3 | 2019-10-03 | |
https://usn.ubuntu.com/3619-1 | 2019-10-03 | |
https://usn.ubuntu.com/3619-2 | 2019-10-03 | |
https://usn.ubuntu.com/3620-1 | 2019-10-03 | |
https://usn.ubuntu.com/3620-2 | 2019-10-03 | |
https://usn.ubuntu.com/3632-1 | 2019-10-03 | |
https://www.debian.org/security/2017/dsa-4073 | 2019-10-03 | |
https://www.debian.org/security/2018/dsa-4082 | 2019-10-03 | |
https://access.redhat.com/security/cve/CVE-2017-17807 | 2020-03-31 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1528335 | 2020-03-31 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Linux | Linux Kernel | < 4.14.6 | - | Affected |