Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com

CVE-2016-3134

Description

The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.

POC

Reference

- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

- http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html

- http://www.ubuntu.com/usn/USN-2930-2

- http://www.ubuntu.com/usn/USN-2932-1

- https://code.google.com/p/google-security-research/issues/detail?id=758

Github

- https://github.com/XinLiu2025/openkylinsat