CVE-2017-15121: Input Validation
First published: Tue Dec 05 2017(Updated: )
A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an application punches a hole in a file that does not end aligned to a page boundary.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat Enterprise Linux | =6.0 | |
| Red Hat Enterprise Linux | =7.0 | |
| Redhat Enterprise Linux Desktop | =6.0 | |
| Redhat Enterprise Linux Desktop | =7.0 | |
| Red Hat Enterprise Linux Server | =6.0 | |
| Red Hat Enterprise Linux Server | =7.0 | |
| Red Hat Enterprise Linux Server | =7.6 | |
| Red Hat Enterprise Linux Server | =7.6 | |
| Red Hat Enterprise Linux Server | =7.6 | |
| Redhat Enterprise Linux Workstation | =6.0 | |
| Redhat Enterprise Linux Workstation | =7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/articles/3158541
- https://access.redhat.com/articles/3158511
- https://access.redhat.com/errata/RHSA-2018:0676
- https://access.redhat.com/errata/RHSA-2018:1062
- https://access.redhat.com/errata/RHSA-2018:1854
- https://bugzilla.redhat.com/show_bug.cgi?id=1520893
- http://www.securityfocus.com/bid/102128
- https://support.f5.com/csp/article/K42142782?utm_source=f5support&%3Butm_medium=RSS
Frequently Asked Questions
What is the severity of CVE-2017-15121?
CVE-2017-15121 has a moderate severity rating as it allows a non-privileged user to crash a system.
How do I fix CVE-2017-15121?
To fix CVE-2017-15121, apply the recommended updates provided by Red Hat for affected versions of Enterprise Linux.
Which versions are affected by CVE-2017-15121?
CVE-2017-15121 affects Red Hat Enterprise Linux and its derivatives, specifically versions 6.0 to 7.6.
What is the impact of CVE-2017-15121 on my system?
The impact of CVE-2017-15121 is that a system can become unresponsive and crash due to a user being able to mount a FUSE filesystem.
Is there a workaround for CVE-2017-15121?
A potential workaround for CVE-2017-15121 is to restrict non-privileged users from mounting FUSE filesystems.
- agent/references
- agent/type
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2017-15121
- agent/severity
- agent/weakness
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- vendor/redhat
- canonical/red hat enterprise linux
- version/red hat enterprise linux/6.0
- version/red hat enterprise linux/7.0
- canonical/redhat enterprise linux desktop
- version/redhat enterprise linux desktop/6.0
- version/redhat enterprise linux desktop/7.0
- canonical/red hat enterprise linux server
- version/red hat enterprise linux server/6.0
- version/red hat enterprise linux server/7.0
- version/red hat enterprise linux server/7.6
- canonical/redhat enterprise linux workstation
- version/redhat enterprise linux workstation/6.0
- version/redhat enterprise linux workstation/7.0