Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.2
CVSSv2

CVE-2015-3339

Published: 27/05/2015 Updated: 07/11/2023
CVSS v2 Base Score: 6.2 | Impact Score: 10 | Exploitability Score: 1.9
VMScore: 552
Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C
Subscribe to Linux

Vulnerability Summary

Race condition in the prepare_binprm function in fs/exec.c in the Linux kernel prior to 3.19.6 allows local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but the setuid bit is not yet stripped.

Vulnerable Product Search on Vulmon Subscribe to Product

linux linux kernel

debian debian linux 8.0

debian debian linux 7.0

Vendor Advisories

Red Hat: Important: kernel security, bug fix, and enhancement update
Synopsis Important: kernel security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic Updated kernel packages that fix multiple security issues, address severalhundred bugs, and add numerous enhancements are now available as part ofthe ongoing support and maintenance of Red H ...
Red Hat: Important: kernel-rt security, bug fix, and enhancement update
Synopsis Important: kernel-rt security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic Updated kernel-rt packages that fix multiple security issues, several bugs,and add various enhancements are now available for Red Hat EnterpriseLinux 7Red Hat Product Security has rated ...
Debian CVElist Bug Report Logs: [regression] BUG in process context when using TCP Fast Open (CVE-2015-2015-3332)
Debian Bug report logs - #782515 [regression] BUG in process context when using TCP Fast Open (CVE-2015-2015-3332) Package: src:linux; Maintainer for src:linux is Debian Kernel Team <debian-kernel@listsdebianorg>; Reported by: Antti Salmela <asalmela@ikifi> Date: Mon, 13 Apr 2015 14:48:02 UTC Severity: important ...
Debian CVElist Bug Report Logs: Buffer overruns in Linux kernel RFC4106 implementation using AESNI (CVE-2015-3331)
Debian Bug report logs - #782561 Buffer overruns in Linux kernel RFC4106 implementation using AESNI (CVE-2015-3331) Package: src:linux; Maintainer for src:linux is Debian Kernel Team <debian-kernel@listsdebianorg>; Reported by: Romain Francoise <rfrancoise@debianorg> Date: Tue, 14 Apr 2015 08:57:02 UTC Severity: n ...
Debian Security Advisories: DSA-3237-1 linux -- security update
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks CVE-2014-8159 It was found that the Linux kernel's InfiniBand/RDMA subsystem did not properly sanitize input parameters while registering memory regions from user space via the (u)verbs API ...
Ubuntu Security Notice: linux vulnerability
The system could be made to run programs as an administrator ...
Ubuntu Security Notice: linux-lts-trusty vulnerability
The system could be made to run programs as an administrator ...
Ubuntu Security Notice: linux-ec2 vulnerability
The system could be made to run programs as an administrator ...
Ubuntu Security Notice: linux vulnerability
The system could be made to run programs as an administrator ...
Ubuntu Security Notice: linux vulnerability
The system could be made to run programs as an administrator ...
Ubuntu Security Notice: linux vulnerability
The system could be made to run programs as an administrator ...
Ubuntu Security Notice: linux-lts-utopic vulnerability
The system could be made to run programs as an administrator ...
Ubuntu Security Notice: linux-ti-omap4 vulnerabilities
Several security issues were fixed in the kernel ...
Ubuntu Security Notice: linux vulnerability
The system could be made to run programs as an administrator ...
Red Hat: CVE-2015-3339
A race condition flaw was found between the chown and execve system calls When changing the owner of a setuid user binary to root, the race condition could momentarily make the binary setuid root A local, unprivileged user could potentially use this flaw to escalate their privileges on the system ...

References

CWE-362https://github.com/torvalds/linux/commit/8b01fc86b9f425899f8a3a8fc1c47d73c2c20543http://www.openwall.com/lists/oss-security/2015/04/20/5http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.6https://bugzilla.redhat.com/show_bug.cgi?id=1214030http://www.debian.org/security/2015/dsa-3237http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.htmlhttp://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-May/157897.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-09/msg00011.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-09/msg00007.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.htmlhttp://rhn.redhat.com/errata/RHSA-2015-1272.htmlhttp://www.securitytracker.com/id/1032412http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158804.htmlhttp://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8b01fc86b9f425899f8a3a8fc1c47d73c2c20543https://nvd.nist.govhttps://access.redhat.com/errata/RHSA-2015:2152https://usn.ubuntu.com/2598-1/https://access.redhat.com/security/cve/cve-2015-3339https://www.debian.org/security/./dsa-3237
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
injectionCVE-2024-30983CVE-2023-4235CVE-2024-21338privilegeencryptionCVE-2023-4232CVE-2024-31497CVE-2024-32341
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook