[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2017-1000364Date: (C)2017-06-20   (M)2024-01-04


An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this affects Linux Kernel versions 4.11.5 and earlier (the stackguard page was introduced in 2010).

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 7.4CVSS Score : 6.2
Exploit Score: 1.4Exploit Score: 1.9
Impact Score: 5.9Impact Score: 10.0
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: LOCALAccess Vector: LOCAL
Attack Complexity: HIGHAccess Complexity: HIGH
Privileges Required: NONEAuthentication: NONE
User Interaction: NONEConfidentiality: COMPLETE
Scope: UNCHANGEDIntegrity: COMPLETE
Confidentiality: HIGHAvailability: COMPLETE
Integrity: HIGH 
Availability: HIGH 
  
Reference:
SECTRACK-1038724
EXPLOIT-DB-45625
BID-99130
DSA-3886
RHSA-2017:1482
RHSA-2017:1483
RHSA-2017:1484
RHSA-2017:1485
RHSA-2017:1486
RHSA-2017:1487
RHSA-2017:1488
RHSA-2017:1489
RHSA-2017:1490
RHSA-2017:1491
RHSA-2017:1567
RHSA-2017:1616
RHSA-2017:1647
RHSA-2017:1712
https://access.redhat.com/security/cve/CVE-2017-1000364
https://kc.mcafee.com/corporate/index?page=content&id=SB10205
https://kc.mcafee.com/corporate/index?page=content&id=SB10207
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03800en_us
https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
https://www.suse.com/security/cve/CVE-2017-1000364/
https://www.suse.com/support/kb/doc/?id=7020973

CPE    1
cpe:/o:linux:linux_kernel:4.11.5
CWE    1
CWE-119
OVAL    39
oval:org.secpod.oval:def:89045009
oval:org.secpod.oval:def:703671
oval:org.secpod.oval:def:703658
oval:org.secpod.oval:def:703663
...

© SecPod Technologies