Vulnerability CVE-2017-1000379


Published: 2017-06-19

Description:
The Linux Kernel running on AMD64 systems will sometimes map the contents of PIE executable, the heap or ld.so to where the stack is mapped allowing attackers to more easily manipulate the stack. Linux Kernel version 4.11.5 is affected.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
Linux 'ldso_hwcap_64' Local Root Stack Clash Exploit
Qualys
29.06.2017

Type:

CWE-264

(Permissions, Privileges, and Access Controls)

Vendor: Linux
Product: Linux kernel 
Version: 4.11.5;

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.2/10
10/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
http://www.securityfocus.com/bid/99284
https://access.redhat.com/errata/RHSA-2017:1482
https://access.redhat.com/errata/RHSA-2017:1484
https://access.redhat.com/errata/RHSA-2017:1485
https://access.redhat.com/errata/RHSA-2017:1486
https://access.redhat.com/errata/RHSA-2017:1487
https://access.redhat.com/errata/RHSA-2017:1488
https://access.redhat.com/errata/RHSA-2017:1489
https://access.redhat.com/errata/RHSA-2017:1490
https://access.redhat.com/errata/RHSA-2017:1491
https://access.redhat.com/errata/RHSA-2017:1616
https://access.redhat.com/errata/RHSA-2017:1647
https://access.redhat.com/errata/RHSA-2017:1712
https://access.redhat.com/errata/RHSA-2017:1842
https://access.redhat.com/security/cve/CVE-2017-1000379
https://www.exploit-db.com/exploits/42275/
https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt

Related CVE
CVE-2017-16914
The "stub_send_ret_submit()" function (drivers/usb/usbip/stub_tx.c) in the Linux Kernel before version 4.14.8, 4.9.71, 4.1.49, and 4.4.107 allows attackers to cause a denial of service (NULL pointer dereference) via a specially crafted USB over IP pa...
CVE-2017-16913
The "stub_recv_cmd_submit()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 when handling CMD_SUBMIT packets allows attackers to cause a denial of service (arbitrary memory allocation) via a spec...
CVE-2017-16912
The "get_pipe()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 allows attackers to cause a denial of service (out-of-bounds read) via a specially crafted USB over IP packet.
CVE-2017-16911
The vhci_hcd driver in the Linux Kernel before version 4.14.8 and 4.4.114 allows allows local attackers to disclose kernel memory addresses. Successful exploitation requires that a USB device is attached over IP.
CVE-2018-6412
In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c in the Linux kernel through 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC commands.
CVE-2017-18079
drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is va...
CVE-2018-5750
The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call.
CVE-2017-18075
crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing instances, allowing a local user able to access the AF_ALG-based AEAD interface (CONFIG_CRYPTO_USER_API_AEAD) and pcrypt (CONFIG_CRYPTO_PCRYPT) to cause a denial of service (kfree ...

Copyright 2018, cxsecurity.com

 

Back to Top