exploitDog

CVE-2017-1000365

Опубликовано: 19 июн. 2017

Источник: nvd

CVSS3: 7.8

CVSS2: 7.2

EPSS Низкий

Описание

The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but does not take the argument and environment pointers into account, which allows attackers to bypass this limitation. This affects Linux Kernel versions 4.11.5 and earlier. It appears that this feature was introduced in the Linux Kernel version 2.6.23.

Ссылки

http://www.debian.org/security/2017/dsa-3927
Third Party Advisory
http://www.debian.org/security/2017/dsa-3945
Third Party Advisory
http://www.securityfocus.com/bid/99156
Third Party Advisory
VDB Entry
https://access.redhat.com/security/cve/CVE-2017-1000365
Third Party Advisory
VDB Entry
https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
Third Party Advisory
http://www.debian.org/security/2017/dsa-3927
Third Party Advisory
http://www.debian.org/security/2017/dsa-3945
Third Party Advisory
http://www.securityfocus.com/bid/99156
Third Party Advisory
VDB Entry
https://access.redhat.com/security/cve/CVE-2017-1000365
Third Party Advisory
VDB Entry
https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 2.6.23 (включая) до 3.2.91 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 3.3 (включая) до 3.10.108 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 3.11 (включая) до 3.16.46 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 3.17 (включая) до 3.18.59 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 3.19 (включая) до 4.1.43 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.2 (включая) до 4.4.75 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.5 (включая) до 4.9.35 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.10 (включая) до 4.11.8 (исключая)

EPSS

Процентиль: 55%

0.00326

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

CVE-2017-1000365

CVSS3: 7.8

ubuntu

больше 8 лет назад

The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but does not take the argument and environment pointers into account, which allows attackers to bypass this limitation. This affects Linux Kernel versions 4.11.5 and earlier. It appears that this feature was introduced in the Linux Kernel version 2.6.23.

CVE-2017-1000365

CVSS3: 2.9

redhat

больше 8 лет назад

The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but does not take the argument and environment pointers into account, which allows attackers to bypass this limitation. This affects Linux Kernel versions 4.11.5 and earlier. It appears that this feature was introduced in the Linux Kernel version 2.6.23.

CVE-2017-1000365

CVSS3: 7.8

debian

больше 8 лет назад

The Linux Kernel imposes a size restriction on the arguments and envir ...

GHSA-32r2-rwm4-hqgg

CVSS3: 7.8

github

больше 3 лет назад

The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but does not take the argument and environment pointers into account, which allows attackers to bypass this limitation. This affects Linux Kernel versions 4.11.5 and earlier. It appears that this feature was introduced in the Linux Kernel version 2.6.23.

BDU:2017-01480

CVSS3: 7.8

fstec

больше 8 лет назад

Уязвимость реализации механизма Stack Guard-Page ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 55%

0.00326

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

NVD-CWE-noinfo