SUSE SLES11 Security Update : kernel (SUSE-SU-2017:0333-1)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote SUSE host is missing one or more security updates.

Description :

The SUSE Linux Enterprise 11 SP2 LTSS kernel was updated to receive
various security and bugfixes. This is the last planned LTSS kernel
update for the SUSE Linux Enterprise Server 11 SP2 LTSS. The following
security bugs were fixed :

- CVE-2016-10088: The sg implementation in the Linux
kernel did not properly restrict write operations in
situations where the KERNEL_DS option is set, which
allowed local users to read or write to arbitrary kernel
memory locations or cause a denial of service
(use-after-free) by leveraging access to a /dev/sg
device, related to block/bsg.c and drivers/scsi/sg.c.
NOTE: this vulnerability exists because of an incomplete
fix for CVE-2016-9576 (bnc#1017710).

- CVE-2004-0230: TCP, when using a large Window Size, made
it easier for remote attackers to guess sequence numbers
and cause a denial of service (connection loss) to
persistent TCP connections by repeatedly injecting a TCP
RST packet, especially in protocols that use long-lived
connections, such as BGP (bnc#969340).

- CVE-2016-8632: The tipc_msg_build function in
net/tipc/msg.c in the Linux kernel did not validate the
relationship between the minimum fragment length and the
maximum packet size, which allowed local users to gain
privileges or cause a denial of service (heap-based
buffer overflow) by leveraging the CAP_NET_ADMIN
capability (bnc#1008831).

- CVE-2016-8399: An out of bounds read in the ping
protocol handler could have lead to information
disclosure (bsc#1014746).

- CVE-2016-9793: The sock_setsockopt function in
net/core/sock.c in the Linux kernel mishandled negative
values of sk_sndbuf and sk_rcvbuf, which allowed local
users to cause a denial of service (memory corruption
and system crash) or possibly have unspecified other
impact by leveraging the CAP_NET_ADMIN capability for a
crafted setsockopt system call with the (1)
SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option
(bnc#1013531).

- CVE-2012-6704: The sock_setsockopt function in
net/core/sock.c in the Linux kernel mishandled negative
values of sk_sndbuf and sk_rcvbuf, which allowed local
users to cause a denial of service (memory corruption
and system crash) or possibly have unspecified other
impact by leveraging the CAP_NET_ADMIN capability for a
crafted setsockopt system call with the (1) SO_SNDBUF or
(2) SO_RCVBUF option (bnc#1013542).

- CVE-2016-9756: arch/x86/kvm/emulate.c in the Linux
kernel did not properly initialize Code Segment (CS) in
certain error cases, which allowed local users to obtain
sensitive information from kernel stack memory via a
crafted application (bnc#1013038).

- CVE-2016-3841: The IPv6 stack in the Linux kernel
mishandled options data, which allowed local users to
gain privileges or cause a denial of service
(use-after-free and system crash) via a crafted sendmsg
system call (bnc#992566).

- CVE-2016-9685: Multiple memory leaks in error paths in
fs/xfs/xfs_attr_list.c in the Linux kernel allowed local
users to cause a denial of service (memory consumption)
via crafted XFS filesystem operations (bnc#1012832).

- CVE-2015-1350: The VFS subsystem in the Linux kernel 3.x
provides an incomplete set of requirements for setattr
operations that underspecified removing extended
privilege attributes, which allowed local users to cause
a denial of service (capability stripping) via a failed
invocation of a system call, as demonstrated by using
chown to remove a capability from the ping or Wireshark
dumpcap program (bnc#914939).

- CVE-2015-8962: Double free vulnerability in the
sg_common_write function in drivers/scsi/sg.c in the
Linux kernel allowed local users to gain privileges or
cause a denial of service (memory corruption and system
crash) by detaching a device during an SG_IO ioctl call
(bnc#1010501).

- CVE-2016-9555: The sctp_sf_ootb function in
net/sctp/sm_statefuns.c in the Linux kernel lacked
chunk-length checking for the first chunk, which allowed
remote attackers to cause a denial of service
(out-of-bounds slab access) or possibly have unspecified
other impact via crafted SCTP data (bnc#1011685).

- CVE-2016-7910: Use-after-free vulnerability in the
disk_seqf_stop function in block/genhd.c in the Linux
kernel allowed local users to gain privileges by
leveraging the execution of a certain stop operation
even if the corresponding start operation had failed
(bnc#1010716).

- CVE-2016-7911: Race condition in the get_task_ioprio
function in block/ioprio.c in the Linux kernel allowed
local users to gain privileges or cause a denial of
service (use-after-free) via a crafted ioprio_get system
call (bnc#1010711).

- CVE-2015-8964: The tty_set_termios_ldisc function in
drivers/tty/tty_ldisc.c in the Linux kernel allowed
local users to obtain sensitive information from kernel
memory by reading a tty data structure (bnc#1010507).

- CVE-2016-7916: Race condition in the environ_read
function in fs/proc/base.c in the Linux kernel allowed
local users to obtain sensitive information from kernel
memory by reading a /proc/*/environ file during a
process-setup time interval in which
environment-variable copying is incomplete
(bnc#1010467).

- CVE-2016-8646: The hash_accept function in
crypto/algif_hash.c in the Linux kernel allowed local
users to cause a denial of service (OOPS) by attempting
to trigger use of in-kernel hash algorithms for a socket
that has received zero bytes of data (bnc#1010150).

- CVE-2016-8633: drivers/firewire/net.c in the Linux
kernel before 4.8.7, in certain unusual hardware
configurations, allowed remote attackers to execute
arbitrary code via crafted fragmented packets
(bnc#1008833).

- CVE-2016-7042: The proc_keys_show function in
security/keys/proc.c in the Linux kernel used an
incorrect buffer size for certain timeout data, which
allowed local users to cause a denial of service (stack
memory corruption and panic) by reading the /proc/keys
file (bnc#1004517).

- CVE-2016-7097: The filesystem implementation in the
Linux kernel preserves the setgid bit during a setxattr
call, which allowed local users to gain group privileges
by leveraging the existence of a setgid program with
restrictions on execute permissions (bnc#995968).

- CVE-2017-5551: The filesystem implementation in the
Linux kernel preserves the setgid bit during a setxattr
call, which allowed local users to gain group privileges
by leveraging the existence of a setgid program with
restrictions on execute permissions. This CVE tracks the
fix for the tmpfs filesystem. (bsc#1021258).

- CVE-2015-8956: The rfcomm_sock_bind function in
net/bluetooth/rfcomm/sock.c in the Linux kernel allowed
local users to obtain sensitive information or cause a
denial of service (NULL pointer dereference) via vectors
involving a bind system call on a Bluetooth RFCOMM
socket (bnc#1003925).

- CVE-2016-7117: Use-after-free vulnerability in the
__sys_recvmmsg function in net/socket.c in the Linux
kernel allowed remote attackers to execute arbitrary
code via vectors involving a recvmmsg system call that
is mishandled during error processing (bnc#1003077).

- CVE-2016-0823: The pagemap_open function in
fs/proc/task_mmu.c in the Linux kernel allowed local
users to obtain sensitive physical-address information
by reading a pagemap file, aka Android internal bug
25739721 (bnc#994759).

- CVE-2016-7425: The arcmsr_iop_message_xfer function in
drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did
not restrict a certain length field, which allowed local
users to gain privileges or cause a denial of service
(heap-based buffer overflow) via an
ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932).

- CVE-2016-6828: The tcp_check_send_head function in
include/net/tcp.h in the Linux kernel did not properly
maintain certain SACK state after a failed data copy,
which allowed local users to cause a denial of service
(tcp_xmit_retransmit_queue use-after-free and system
crash) via a crafted SACK option (bnc#994296).

- CVE-2016-6480: Race condition in the ioctl_send_fib
function in drivers/scsi/aacraid/commctrl.c in the Linux
kernel allowed local users to cause a denial of service
(out-of-bounds access or system crash) by changing a
certain size value, aka a 'double fetch' vulnerability
(bnc#991608).

- CVE-2016-4998: The IPT_SO_SET_REPLACE setsockopt
implementation in the netfilter subsystem in the Linux
kernel allowed local users to cause a denial of service
(out-of-bounds read) or possibly obtain sensitive
information from kernel heap memory by leveraging
in-container root access to provide a crafted offset
value that leads to crossing a ruleset blob boundary
(bsc#986365).

- CVE-2015-7513: arch/x86/kvm/x86.c in the Linux kernel
did not reset the PIT counter values during state
restoration, which allowed guest OS users to cause a
denial of service (divide-by-zero error and host OS
crash) via a zero value, related to the
kvm_vm_ioctl_set_pit and kvm_vm_ioctl_set_pit2 functions
(bnc#960689).

- CVE-2013-4312: The Linux kernel allowed local users to
bypass file-descriptor limits and cause a denial of
service (memory consumption) by sending each descriptor
over a UNIX socket before closing it, related to
net/unix/af_unix.c and net/unix/garbage.c (bnc#839104).

- CVE-2016-4997: The compat IPT_SO_SET_REPLACE and
IP6T_SO_SET_REPLACE setsockopt implementations in the
netfilter subsystem in the Linux kernel allow local
users to gain privileges or cause a denial of service
(memory corruption) by leveraging in-container root
access to provide a crafted offset value that triggers
an unintended decrement (bnc#986362).

- CVE-2016-5829: Multiple heap-based buffer overflows in
the hiddev_ioctl_usage function in
drivers/hid/usbhid/hiddev.c in the Linux kernel allow
local users to cause a denial of service or possibly
have unspecified other impact via a crafted (1)
HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call
(bnc#986572).

- CVE-2016-4470: The key_reject_and_link function in
security/keys/key.c in the Linux kernel did not ensure
that a certain data structure is initialized, which
allowed local users to cause a denial of service (system
crash) via vectors involving a crafted keyctl request2
command (bnc#984755).

- CVE-2016-5244: The rds_inc_info_copy function in
net/rds/recv.c in the Linux kernel did not initialize a
certain structure member, which allowed remote attackers
to obtain sensitive information from kernel stack memory
by reading an RDS message (bnc#983213).

- CVE-2016-1583: The ecryptfs_privileged_open function in
fs/ecryptfs/kthread.c in the Linux kernel allowed local
users to gain privileges or cause a denial of service
(stack memory consumption) via vectors involving crafted
mmap calls for /proc pathnames, leading to recursive
pagefault handling (bnc#983143).

- CVE-2016-4913: The get_rock_ridge_filename function in
fs/isofs/rock.c in the Linux kernel mishandled NM (aka
alternate name) entries containing \0 characters, which
allowed local users to obtain sensitive information from
kernel memory or possibly have unspecified other impact
via a crafted isofs filesystem (bnc#980725).

- CVE-2016-4580: The x25_negotiate_facilities function in
net/x25/x25_facilities.c in the Linux kernel did not
properly initialize a certain data structure, which
allowed attackers to obtain sensitive information from
kernel stack memory via an X.25 Call Request
(bnc#981267).

- CVE-2016-4805: Use-after-free vulnerability in
drivers/net/ppp/ppp_generic.c in the Linux kernel
allowed local users to cause a denial of service (memory
corruption and system crash, or spinlock) or possibly
have unspecified other impact by removing a network
namespace, related to the ppp_register_net_channel and
ppp_unregister_channel functions (bnc#980371).

- CVE-2015-7833: The usbvision driver in the Linux kernel
allowed physically proximate attackers to cause a denial
of service (panic) via a nonzero bInterfaceNumber value
in a USB device descriptor (bnc#950998).

- CVE-2016-2187: The gtco_probe function in
drivers/input/tablet/gtco.c in the Linux kernel allowed
physically proximate attackers to cause a denial of
service (NULL pointer dereference and system crash) via
a crafted endpoints value in a USB device descriptor
(bnc#971944).

- CVE-2016-4482: The proc_connectinfo function in
drivers/usb/core/devio.c in the Linux kernel did not
initialize a certain data structure, which allowed local
users to obtain sensitive information from kernel stack
memory via a crafted USBDEVFS_CONNECTINFO ioctl call
(bnc#978401).

- CVE-2016-4565: The InfiniBand (aka IB) stack in the
Linux kernel incorrectly relies on the write system
call, which allowed local users to cause a denial of
service (kernel memory write operation) or possibly have
unspecified other impact via a uAPI interface
(bnc#979548).

- CVE-2016-4485: The llc_cmsg_rcv function in
net/llc/af_llc.c in the Linux kernel did not initialize
a certain data structure, which allowed attackers to
obtain sensitive information from kernel stack memory by
reading a message (bnc#978821).

- CVE-2016-4578: sound/core/timer.c in the Linux kernel
did not initialize certain r1 data structures, which
allowed local users to obtain sensitive information from
kernel stack memory via crafted use of the ALSA timer
interface, related to the (1) snd_timer_user_ccallback
and (2) snd_timer_user_tinterrupt functions
(bnc#979879).

- CVE-2016-4569: The snd_timer_user_params function in
sound/core/timer.c in the Linux kernel did not
initialize a certain data structure, which allowed local
users to obtain sensitive information from kernel stack
memory via crafted use of the ALSA timer interface
(bnc#979213). The following non-security bugs were
fixed :

- arch/powerpc: Remove duplicate/redundant Altivec entries
(bsc#967716).

- cdc-acm: added sanity checking for probe() (bsc#993891).

- cgroups: do not attach task to subsystem if migration
failed (bnc#979274).

- cgroups: more safe tasklist locking in
cgroup_attach_proc (bnc#979274).

- dasd: fix hanging system after LCU changes (bnc#968500,
LTC#136671).

- dasd: Fix unresumed device after suspend/resume
(bnc#927287, LTC#123892).

- ipv4/fib: do not warn when primary address is missing if
in_dev is dead (bsc#971360).

- kabi, unix: properly account for FDs passed over unix
sockets (bnc#839104).

- kaweth: fix firmware download (bsc#993890).

- kaweth: fix oops upon failed memory allocation
(bsc#993890).

- kvm: x86: SYSENTER emulation is broken (bsc#994618).

- mm: thp: fix SMP race condition between THP page fault
and MADV_DONTNEED (VM Functionality, bnc#986445).

- mremap: enforce rmap src/dst vma ordering in case of
vma_merge() succeeding in copy_vma() (VM Functionality,
bsc#1008645).

- nfs4: reset states to use open_stateid when returning
delegation voluntarily (bsc#1007944).

- nfs: Do not disconnect open-owner on NFS4ERR_BAD_SEQID
(bsc#989261, bsc#1011482).

- nfs: do not do blind d_drop() in nfs_prime_dcache()
(bnc#908069 bnc#896484 bsc#963053).

- nfs_prime_dcache needs fh to be set (bnc#908069
bnc#896484 bsc#963053).

- nfs: Refresh open-owner id when server says SEQID is bad
(bsc#989261).

- nfsv4: Ensure that we do not drop a state owner more
than once (bsc#979595).

- nfsv4: fix broken patch relating to v4 read delegations
(bsc#956514, bsc#989261, bsc#979595, bsc#1011482).

- nfsv4: nfs4_proc_renew should be declared static
(bnc#863873).

- nfsv4: OPEN must handle the NFS4ERR_IO return code
correctly (bsc#979595).

- nfsv4: Recovery of recalled read delegations is broken
(bsc#956514 bsc#1011482).

- nfsv4: The NFSv4.0 client must send RENEW calls if it
holds a delegation (bnc#863873).

- powerpc: Add ability to build little endian kernels
(bsc#967716).

- powerpc: Avoid load of static chain register when
calling nested functions through a pointer on 64bit
(bsc#967716).

- powerpc: Do not build assembly files with ABIv2
(bsc#967716).

- powerpc: Do not use ELFv2 ABI to build the kernel
(bsc#967716).

- powerpc: dtc is required to build dtb files
(bsc#967716).

- powerpc: Fix 64 bit builds with binutils 2.24
(bsc#967716).

- powerpc: Fix error when cross building TAGS & cscope
(bsc#967716).

- powerpc: Make the vdso32 also build big-endian
(bsc#967716).

- powerpc: Remove altivec fix for gcc versions before 4.0
(bsc#967716).

- powerpc: Remove buggy 9-year-old test for binutils

- powerpc: Require gcc 4.0 on 64-bit (bsc#967716).

- ppp: defer netns reference release for ppp channel
(bsc#980371).

- qeth: delete napi struct when removing a qeth device
(bnc#979915, LTC#143590).

- qeth: Fix crash on initial MTU size change (bnc#835175,
LTC#96809).

- qeth: postpone freeing of qdio memory (bnc#874145,
LTC#107873).

- rpm/kernel-binary.spec.in: Export a make-stderr.log file
(bsc#1012422)

- Revert 's390/mm: fix asce_bits handling with dynamic
pagetable levels' This reverts commit
6e00b1d803fa2ab4b130e04b7fbcc99f0b5ecba8.

- rpm/config.sh: Set the release string to 0.7.<release>
(bsc#997059)

- rpm/mkspec: Read a default release string from
rpm/config.sh (bsc997059)

- s390/dasd: fix failfast for disconnected devices
(bnc#958000, LTC#135138).

- s390/dasd: fix hanging device after clear subchannel
(bnc#994436, LTC#144640).

- s390/dasd: fix kernel panic when alias is set offline
(bnc#940966, LTC#128595).

- s390/dasd: fix list_del corruption after lcu changes
(bnc#954984, LTC#133077).

- s390/mm: fix asce_bits handling with dynamic pagetable
levels (bnc#979915, LTC#141456). Conflicts:
&#9;series.conf

- s390/pageattr: do a single TLB flush for
change_page_attr (bsc#1009443,LTC#148182).

- Set CONFIG_DEBUG_INFO=y and CONFIG_DEBUG_INFO_REDUCED=n
on all platforms The specfile adjusts the config if
necessary, but a new version of run_oldconfig.sh
requires the settings to be present in the repository.

- usb: fix typo in wMaxPacketSize validation (bsc#991665).

- usb: validate wMaxPacketValue entries in endpoint
descriptors (bnc#991665).</release>

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/1003077
https://bugzilla.suse.com/1003925
https://bugzilla.suse.com/1004517
https://bugzilla.suse.com/1007944
https://bugzilla.suse.com/1008645
https://bugzilla.suse.com/1008831
https://bugzilla.suse.com/1008833
https://bugzilla.suse.com/1009443
https://bugzilla.suse.com/1010150
https://bugzilla.suse.com/1010467
https://bugzilla.suse.com/1010501
https://bugzilla.suse.com/1010507
https://bugzilla.suse.com/1010711
https://bugzilla.suse.com/1010716
https://bugzilla.suse.com/1011482
https://bugzilla.suse.com/1011685
https://bugzilla.suse.com/1012422
https://bugzilla.suse.com/1012832
https://bugzilla.suse.com/1013038
https://bugzilla.suse.com/1013531
https://bugzilla.suse.com/1013542
https://bugzilla.suse.com/1014746
https://bugzilla.suse.com/1017710
https://bugzilla.suse.com/1021258
https://bugzilla.suse.com/835175
https://bugzilla.suse.com/839104
https://bugzilla.suse.com/863873
https://bugzilla.suse.com/874145
https://bugzilla.suse.com/896484
https://bugzilla.suse.com/908069
https://bugzilla.suse.com/914939
https://bugzilla.suse.com/922947
https://bugzilla.suse.com/927287
https://bugzilla.suse.com/940966
https://bugzilla.suse.com/950998
https://bugzilla.suse.com/954984
https://bugzilla.suse.com/956514
https://bugzilla.suse.com/958000
https://bugzilla.suse.com/960689
https://bugzilla.suse.com/963053
https://bugzilla.suse.com/967716
https://bugzilla.suse.com/968500
https://bugzilla.suse.com/969340
https://bugzilla.suse.com/971360
https://bugzilla.suse.com/971944
https://bugzilla.suse.com/978401
https://bugzilla.suse.com/978821
https://bugzilla.suse.com/979213
https://bugzilla.suse.com/979274
https://bugzilla.suse.com/979548
https://bugzilla.suse.com/979595
https://bugzilla.suse.com/979879
https://bugzilla.suse.com/979915
https://bugzilla.suse.com/980363
https://bugzilla.suse.com/980371
https://bugzilla.suse.com/980725
https://bugzilla.suse.com/981267
https://bugzilla.suse.com/983143
https://bugzilla.suse.com/983213
https://bugzilla.suse.com/984755
https://bugzilla.suse.com/986362
https://bugzilla.suse.com/986365
https://bugzilla.suse.com/986445
https://bugzilla.suse.com/986572
https://bugzilla.suse.com/989261
https://bugzilla.suse.com/991608
https://bugzilla.suse.com/991665
https://bugzilla.suse.com/992566
https://bugzilla.suse.com/993890
https://bugzilla.suse.com/993891
https://bugzilla.suse.com/994296
https://bugzilla.suse.com/994436
https://bugzilla.suse.com/994618
https://bugzilla.suse.com/994759
https://bugzilla.suse.com/995968
https://bugzilla.suse.com/997059
https://bugzilla.suse.com/999932
https://www.suse.com/security/cve/CVE-2004-0230.html
https://www.suse.com/security/cve/CVE-2012-6704.html
https://www.suse.com/security/cve/CVE-2013-4312.html
https://www.suse.com/security/cve/CVE-2015-1350.html
https://www.suse.com/security/cve/CVE-2015-7513.html
https://www.suse.com/security/cve/CVE-2015-7833.html
https://www.suse.com/security/cve/CVE-2015-8956.html
https://www.suse.com/security/cve/CVE-2015-8962.html
https://www.suse.com/security/cve/CVE-2015-8964.html
https://www.suse.com/security/cve/CVE-2016-0823.html
https://www.suse.com/security/cve/CVE-2016-10088.html
https://www.suse.com/security/cve/CVE-2016-1583.html
https://www.suse.com/security/cve/CVE-2016-2187.html
https://www.suse.com/security/cve/CVE-2016-2189.html
https://www.suse.com/security/cve/CVE-2016-3841.html
https://www.suse.com/security/cve/CVE-2016-4470.html
https://www.suse.com/security/cve/CVE-2016-4482.html
https://www.suse.com/security/cve/CVE-2016-4485.html
https://www.suse.com/security/cve/CVE-2016-4565.html
https://www.suse.com/security/cve/CVE-2016-4569.html
https://www.suse.com/security/cve/CVE-2016-4578.html
https://www.suse.com/security/cve/CVE-2016-4580.html
https://www.suse.com/security/cve/CVE-2016-4805.html
https://www.suse.com/security/cve/CVE-2016-4913.html
https://www.suse.com/security/cve/CVE-2016-4997.html
https://www.suse.com/security/cve/CVE-2016-4998.html
https://www.suse.com/security/cve/CVE-2016-5244.html
https://www.suse.com/security/cve/CVE-2016-5829.html
https://www.suse.com/security/cve/CVE-2016-6480.html
https://www.suse.com/security/cve/CVE-2016-6828.html
https://www.suse.com/security/cve/CVE-2016-7042.html
https://www.suse.com/security/cve/CVE-2016-7097.html
https://www.suse.com/security/cve/CVE-2016-7117.html
https://www.suse.com/security/cve/CVE-2016-7425.html
https://www.suse.com/security/cve/CVE-2016-7910.html
https://www.suse.com/security/cve/CVE-2016-7911.html
https://www.suse.com/security/cve/CVE-2016-7916.html
https://www.suse.com/security/cve/CVE-2016-8399.html
https://www.suse.com/security/cve/CVE-2016-8632.html
https://www.suse.com/security/cve/CVE-2016-8633.html
https://www.suse.com/security/cve/CVE-2016-8646.html
https://www.suse.com/security/cve/CVE-2016-9555.html
https://www.suse.com/security/cve/CVE-2016-9685.html
https://www.suse.com/security/cve/CVE-2016-9756.html
https://www.suse.com/security/cve/CVE-2016-9793.html
https://www.suse.com/security/cve/CVE-2017-5551.html
http://www.nessus.org/u?d64149fa

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Server 11-SP2-LTSS:zypper in -t patch
slessp2-kernel-12961=1

SUSE Linux Enterprise Debuginfo 11-SP2:zypper in -t patch
dbgsp2-kernel-12961=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.8
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true