概要
Linux/Unix 主機上安裝的一個或多個套件存有弱點,供應商表示將不會修補。
說明
Linux/Unix 主機上安裝了一個或多個受到弱點影響的套件,且供應商未提供可用的修補程式。
- 在 Linux 核心中,已解決下列弱點: f2fs: Require FMODE_WRITE for atomic write ioctls The F2FS ioctls for starting and committing atomic writes check for inode_owner_or_capable(), but this does not give LSMs like SELinux or Landlock an opportunity to deny the write access - if the caller's FSUID matches the inode's UID, inode_owner_or_capable() immediately returns true. There are scenarios where LSMs want to deny a process the ability to write particular files, even files that the FSUID of the process owns; but this can currently partially be bypassed using atomic write ioctls in two ways: - F2FS_IOC_START_ATOMIC_REPLACE + F2FS_IOC_COMMIT_ATOMIC_WRITE can truncate an inode to size 0 - F2FS_IOC_START_ATOMIC_WRITE + F2FS_IOC_ABORT_ATOMIC_WRITE can revert changes another process concurrently made to a file Fix it by requiring FMODE_WRITE for these operations, just like for F2FS_IOC_MOVE_RANGE.
Since any legitimate caller should only be using these ioctls when intending to write into the file, that seems unlikely to break anything. (CVE-2024-47740)
請注意,Nessus 依賴供應商報告的套件存在。
Plugin 詳細資訊
檔案名稱: unpatched_CVE_2024_47740.nasl
代理程式: unix
支援的感應器: Nessus Agent, Nessus
風險資訊
媒介: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C
媒介: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
時間媒介: CVSS:3.0/E:U/RL:O/RC:C
弱點資訊
必要的 KB 項目: Host/local_checks_enabled, Host/cpu, global_settings/vendor_unpatched
可輕鬆利用: No known exploits are available