F5 Networks BIG-IP : Linux kernel vulnerability (K68852819)
Medium Nessus Plugin ID 99921
Synopsis
The remote device is missing a vendor-supplied security patch.
Description
Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel before 4.8.14 allows local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c. (CVE-2016-10200)
An attacker with administrative command line access may be able to perform a use-after-free exploit to cause a denial of service (DoS) or gain system privileges.
Solution
Upgrade to one of the non-vulnerable versions listed in the F5 Solution K68852819.