Main Vulnerability Database Vulnerabilities #VU28384

Permissions, Privileges, and Access Controls in Linux kernel - CVE-2015-7442

Published: January 2, 2016 / Updated: June 1, 2020

Vulnerability identifier: #VU28384

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2015-7442

CWE-ID: CWE-264

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Linux Foundation

Affected software:
Linux kernel

Detailed vulnerability description

The vulnerability allows a local authenticated user to execute arbitrary code.

consoleinst.sh in IBM Installation Manager before 1.7.4.4 and 1.8.x before 1.8.4 and Packaging Utility before 1.7.4.4 and 1.8.x before 1.8.4 allows local users to gain privileges via a Trojan horse program that is located in /tmp with a name based on a predicted PID value.

How to mitigate CVE-2015-7442

Install update from vendor's website.

Sources

https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.85
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.166
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.142

Permissions, Privileges, and Access Controls in Linux kernel - CVE-2015-7442

Detailed vulnerability description

How to mitigate CVE-2015-7442

Sources

Please verify you're human