Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2015-5366

Disclosure Date: August 31, 2015
CVE-2015-5366
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 provide inappropriate -EAGAIN return values, which allows remote attackers to cause a denial of service (EPOLLET epoll application read outage) via an incorrect checksum in a UDP packet, a different vulnerability than CVE-2015-5364.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

References

Canonical
CVE-2015-5366 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5366)
BID-75510 (http://www.securityfocus.com/bid/75510)
Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00011.html
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit?id=beb39db59d14990e401e235faf66a6b9b31240b0
USN-2713-1 (http://www.ubuntu.com/usn/USN-2713-1)
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.html
USN-2680-1 (http://www.ubuntu.com/usn/USN-2680-1)
USN-2682-1 (http://www.ubuntu.com/usn/USN-2682-1)
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html
http://rhn.redhat.com/errata/RHSA-2015-1778.html
USN-2714-1 (http://www.ubuntu.com/usn/USN-2714-1)
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.6
http://rhn.redhat.com/errata/RHSA-2016-1096.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00049.html
DSA-3329 (http://www.debian.org/security/2015/dsa-3329)
[oss-security] 20150630 CVE Request: UDP checksum DoS (http://www.openwall.com/lists/oss-security/2015/06/30/13)
https://bugzilla.redhat.com/show_bug.cgi?id=1239029
http://rhn.redhat.com/errata/RHSA-2015-1787.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
SECTRACK-1032794 (http://www.securitytracker.com/id/1032794)
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html
USN-2684-1 (http://www.ubuntu.com/usn/USN-2684-1)
DSA-3313 (http://www.debian.org/security/2015/dsa-3313)
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
USN-2681-1 (http://www.ubuntu.com/usn/USN-2681-1)
http://rhn.redhat.com/errata/RHSA-2016-0045.html
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html
USN-2683-1 (http://www.ubuntu.com/usn/USN-2683-1)
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00010.html
https://access.redhat.com/errata/RHSA-2016:1225
http://rhn.redhat.com/errata/RHSA-2016-1100.html
http://rhn.redhat.com/errata/RHSA-2015-1623.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html
https://github.com/torvalds/linux/commit/beb39db59d14990e401e235faf66a6b9b31240b0

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis