Skip to main content

Util Linux CVE-2016-5011

MEDIUM
2017-04-11 secalert@redhat.com
4.6
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.6 MEDIUM
AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Physical
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Apr 11, 2017 - 15:59 cve.org
MEDIUM 4.6

DescriptionCVE.org

The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset.

AnalysisAI

The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity.

Technical ContextAI

The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset. Affected products include: Kernel Util-Linux, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Eus, Redhat Enterprise Linux Server, Redhat Enterprise Linux Server Aus.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2015-5224 CRITICAL
9.8 Aug 23

The mkostemp function in login-utils in util-linux when used incorrectly allows remote attackers to cause file name coll

CVE-2021-37600 MEDIUM POC
5.5 Jul 30

An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use

CVE-2024-28085 LOW POC
3.3 Mar 27

wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to othe

CVE-2014-9114 HIGH
7.8 Mar 31

Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code. Rated high severity (CVSS 7.8), this v

CVE-2016-2779 HIGH
7.8 Feb 07

runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes

CVE-2018-7738 HIGH
7.8 Mar 07

In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands

CVE-2015-5218 LOW POC
2.1 Nov 09

Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of servi

CVE-2022-0563 MEDIUM
5.5 Feb 21

A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. Rated medium severity (C

CVE-2026-27456 MEDIUM
4.7 Apr 03

Unauthorized read access to root-owned files via TOCTOU race condition in util-linux mount binary (versions prior to 2.4

CVE-2013-0157 LOW
2.1 Jan 21

(a) mount and (b) umount in util-linux 2.14.1, 2.17.2, and probably other versions allow local users to determine the ex

Share

CVE-2016-5011 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy