CVE-2022-0168 There was a DOS issue in the Linux kernel's smb2_ioctl_query_info function because of an incorrect return from the memdup_user function.

A user with the CAP_SYS_ADMIN privilege can trigger this flaw when performing a remote code execution exploit on a CIFSv2 server using the “net rpc creds” command against the target. Red Hat has patched the issue in RHEL 7 and RHEL 6.7. Patches for other Linux distributions are available.

“In RHEL 7 and 6.7, a patch for the smb2_ioctl_query_info function has been applied. However, Red Hat recommends that all users of RHEL 6.7 upgrade to a supported Red Hat Enterprise Linux (RHEL) release. The issue has been assigned CVE ID CVE-2017-7407.”

CVE-2017-7405

A user with the CAP_SYS_ADMIN privilege can trigger this flaw when performing a remote code execution exploit on a CIFSv2 server using the “net rpc creds” command against the target. Red Hat has patched the issue in RHEL 7 and RHEL 6.7. Patches for other Linux distributions are available.

“In RHEL 7 and 6.7, a patch for the smb2_ioctl_query_info function has been applied. However, Red Hat recommends that all users of RHEL 6.7 upgrade to a supported Red Hat Enterprise Linux (RHEL) release. The issue has been assigned CVE ID CVE-2017-7405.”

CVE-2017-7406

The “net rpc creds” command issued by the target of a remote code execution exploit can trigger this flaw on Linux when the target is configured to use a CIFSv2 server.

“In RHEL 7 and 6.7, a patch for the smb2_ioctl_query_info function has been applied. However, Red Hat recommends that all users of RHEL 6.7 upgrade to a supported Red Hat Enterprise Linux (RHEL) release. The issue has been assigned CVE ID CVE-2017-7406.”

CVE-2017-7408

The “net rpc creds” command can be abused to create a denial of service condition in the target CIFSv2 server. Red Hat has patched the issue in RHEL 7 and RHEL 6.7. Patches for other Linux distributions are available.

“In RHEL 7 and 6.7, a patch for the smb2_ioctl_query_info function has been applied. However, Red Hat recommends that all users of RHEL 6.7 upgrade to a supported Red Hat Enterprise Linux (RHEL) release. The issue has been assigned CVE ID CVE-2017-7408.”

CVE-2018-5688

A user with the CAP_MAC_ADMIN privilege can trigger this flaw when performing a remote code execution exploit on a Mac OS client using the “net rpc creds” command against the target. Red Hat has patched the issue in RHEL 7 and RHEL 6.7. Patches for other Linux distributions are available.

“In RHEL 7 and 6.7, a patch for the smb2_ioctl_query_info function has been applied. However, Red Hat recommends that all users of RHEL 6.7 upgrade to a supported Red Hat Enterprise Linux (RHEL) release. The issue has been assigned CVE ID CVE-2017-7407.”

CVE-2018-5688 is not currently assigned an identifier by MITRE because it was discovered after CVE-2022-0168 was assigned an identifier by MITRE

CVE-2018-10933

A user with the CAP_NET_BIND_SERVICE privilege can trigger this flaw when performing a remote code execution exploit on a BIND server using the “dig” command against the target. Red Hat has patched the issue in RHEL 7 and RHEL 6.7. Patches for other Linux distributions are available.

“In RHEL 7 and 6.7, a patch for the named-checkzone function has been applied. However, Red Hat recommends that all users of RHEL 6.7 upgrade to a supported Red Hat Enterprise Linux (RHEL) release. The issue has been assigned CVE ID CVE-2017-7408.”

Both CVEs have been assigned "mitigation by disabling DNS services" as a resolution method, so it is recommended that all users disable DNS services after applying patches

Timeline

Published on: 08/26/2022 18:15:00 UTC
Last modified on: 09/01/2022 15:29:00 UTC

References