F5 Networks BIG-IP : Linux kernel vulnerability (K31603170)
Low Nessus Plugin ID 104108
SynopsisThe remote device is missing a vendor-supplied security patch.
DescriptionThe filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. (CVE-2016-7097)
A local user may be allowed to gain group privileges by way of certain setgid applications.
SolutionUpgrade to one of the non-vulnerable versions listed in the F5 Solution K31603170.