[Forgot Password]
Login  Register Subscribe

24128

 
 

131573

 
 

110507

 
 

909

 
 

86504

 
 

136

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2017-1000364Date: (C)2017-06-20   (M)2018-06-27


An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this affects Linux Kernel versions 4.11.5 and earlier (the stackguard page was introduced in 2010).

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 7.4CVSS Score : 6.2
Exploit Score: 1.4Exploit Score: 1.9
Impact Score: 5.9Impact Score: 10.0
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: LOCALAccess Vector: LOCAL
Attack Complexity: HIGHAccess Complexity: HIGH
Privileges Required: NONEAuthentication: NONE
User Interaction: NONEConfidentiality: COMPLETE
Scope: UNCHANGEDIntegrity: COMPLETE
Confidentiality: HIGHAvailability: COMPLETE
Integrity: HIGH 
Availability: HIGH 
  
Reference:
SECTRACK-1038724
BID-99130
DSA-3886
RHSA-2017:1482
RHSA-2017:1483
RHSA-2017:1484
RHSA-2017:1485
RHSA-2017:1486
RHSA-2017:1487
RHSA-2017:1488
RHSA-2017:1489
RHSA-2017:1490
RHSA-2017:1491
RHSA-2017:1567
RHSA-2017:1616
RHSA-2017:1647
RHSA-2017:1712
https://access.redhat.com/security/cve/CVE-2017-1000364
https://kc.mcafee.com/corporate/index?page=content&id=SB10205
https://kc.mcafee.com/corporate/index?page=content&id=SB10207
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03800en_us
https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
https://www.suse.com/security/cve/CVE-2017-1000364/
https://www.suse.com/support/kb/doc/?id=7020973

CPE    1
cpe:/o:linux:linux_kernel:4.11.5
CWE    1
CWE-119
OVAL    30
oval:org.secpod.oval:def:703671
oval:org.secpod.oval:def:703670
oval:org.secpod.oval:def:1501901
oval:org.secpod.oval:def:112489
...

© SecPod Technologies