04 Aoû 2015
Vulnerability Details : CVE-2015-3636
The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP or IPPROTO_ICMPV6 protocol, and then making a connect system call after a disconnect.
Publish Date : 2015-08-05 Last Update Date : 2015-08-05
- CVSS Scores & Vulnerability Types
- Related OVAL Definitions
OVAL (Open Vulnerability and Assessment Language) definitions define exactly what should be done to verify a vulnerability or a missing patch. Check out the OVAL definitions if you want to learn what you should do to verify a vulnerability.
- Products Affected By CVE-2015-3636
- References For CVE-2015-3636
- Metasploit Modules Related To CVE-2015-3636
There are not any metasploit modules related to this vulnerability (Please visit www.metasploit.com for more information)