Vulnerability CVE-2017-1000379


Published: 2017-06-19

Description:
The Linux Kernel running on AMD64 systems will sometimes map the contents of PIE executable, the heap or ld.so to where the stack is mapped allowing attackers to more easily manipulate the stack. Linux Kernel version 4.11.5 is affected.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
Linux 'ldso_hwcap_64' Local Root Stack Clash Exploit
Qualys
29.06.2017

Type:

CWE-264

(Permissions, Privileges, and Access Controls)

Vendor: Linux
Product: Linux kernel 
Version: 4.11.5;

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.2/10
10/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
http://www.securityfocus.com/bid/99284
https://access.redhat.com/errata/RHSA-2017:1482
https://access.redhat.com/errata/RHSA-2017:1484
https://access.redhat.com/errata/RHSA-2017:1485
https://access.redhat.com/errata/RHSA-2017:1486
https://access.redhat.com/errata/RHSA-2017:1487
https://access.redhat.com/errata/RHSA-2017:1488
https://access.redhat.com/errata/RHSA-2017:1489
https://access.redhat.com/errata/RHSA-2017:1490
https://access.redhat.com/errata/RHSA-2017:1491
https://access.redhat.com/errata/RHSA-2017:1616
https://access.redhat.com/errata/RHSA-2017:1647
https://access.redhat.com/errata/RHSA-2017:1712
https://access.redhat.com/errata/RHSA-2017:1842
https://access.redhat.com/security/cve/CVE-2017-1000379
https://www.exploit-db.com/exploits/42275/
https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt

Related CVE
CVE-2017-18270
In the Linux kernel before 4.13.5, a local user could create keyrings for other users via keyctl commands, setting unwanted defaults or causing a denial of service.
CVE-2018-11232
The etm_setup_aux function in drivers/hwtracing/coresight/coresight-etm-perf.c in the Linux kernel before 4.10.2 allows attackers to cause a denial of service (panic) because a parameter is incorrectly used as a local variable.
CVE-2018-1087
kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS ...
CVE-2018-1118
Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel ...
CVE-2018-1130
Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in that allows a local user to cause a denial of service by a number of certain crafted system calls.
CVE-2018-10940
The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c in the Linux kernel before 4.16.6 allows local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory.
CVE-2018-10675
The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls.
CVE-2018-10323
The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_bmapi_write NULL pointer dereference) via a crafted xfs image.

Copyright 2018, cxsecurity.com

 

Back to Top