Main Vulnerability Database Exploits ID:1813 - Exploit for Memory corruption in Oracle Linux and Oracle VM Server for x86 - CVE-2016-4997

ID:1813 - Exploit for Memory corruption in Oracle Linux and Oracle VM Server for x86 - CVE-2016-4997

Published: March 18, 2020

Vulnerability identifier: #VU27

Vulnerability risk: High

CVE-ID: CVE-2016-4997

CWE-ID: CWE-119

Exploitation vector: Local access

Vulnerable software:
Oracle Linux
Oracle VM Server for x86

Link to public exploit:

https://www.rapid7.com/db/modules/exploit/linux/local/netfilter_priv_esc_ipv4

Vulnerability description

The vulnerability allows a local user to obtain elevated privileges on the target system.

The vulnerability exists due to a memory corruption error in the IPT_SO_SET_REPLACE compat_setsockopt() function.

Successful exploitation of this vulnerability may lead to arbitrary code execution with kernel-level privileges.

Remediation

The vendor has issued a fix (3.14.73, 4.4.14, 4.6.3).

ID:1813 - Exploit for Memory corruption in Oracle Linux and Oracle VM Server for x86 - CVE-2016-4997

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human