CVE-2017-17449

MEDIUM Year: 2017
CVSS v3 Score
4.7
Medium
CVSS v2 Score
1.9
Low
Weakness Type
CWE-200
View all →

Vulnerability Description

The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel through 4.14.4, when CONFIG_NLMON is enabled, does not restrict observations of Netlink messages to a single net namespace, which allows local users to obtain sensitive information by leveraging the CAP_NET_ADMIN capability to sniff an nlmon interface for all Netlink activity on the system.

Related Vulnerabilities

CVE-2015-3142

MEDIUM
CVSS:4.7(Medium)

The kernel-invoked coredump processor in Automatic Bug Reporting Tool (ABRT) does not properly check the ownership of files before writing core dumps to them, which allows local users to obtain sensit...

CWE-2002015

CVE-2015-7328

MEDIUM
CVSS:4.7(Medium)

Puppet Server in Puppet Enterprise before 3.8.x before 3.8.3 and 2015.2.x before 2015.2.3 uses world-readable permissions for the private key of the Certification Authority (CA) certificate during the...

CWE-2002015

CVE-2015-7438

MEDIUM
CVSS:4.7(Medium)

IBM Sterling B2B Integrator 5.2 allows local users to obtain sensitive cleartext web-services information by leveraging database access.

CWE-2002015

CVE-2015-7493

MEDIUM
CVSS:4.7(Medium)

IBM InfoSphere Information Server could allow a local user under special circumstances to execute commands during installation processes that could expose sensitive information.

CWE-2002015

CVE-2016-10293

MEDIUM
CVSS:4.7(Medium)

An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because...

CWE-2002016

CVE-2016-10294

MEDIUM
CVSS:4.7(Medium)

An information disclosure vulnerability in the Qualcomm power driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because...

CWE-2002016