Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2017-1000365

Опубликовано: 19 июн. 2017
Источник: redhat
CVSS3: 2.9
EPSS Низкий

Описание

The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but does not take the argument and environment pointers into account, which allows attackers to bypass this limitation. This affects Linux Kernel versions 4.11.5 and earlier. It appears that this feature was introduced in the Linux Kernel version 2.6.23.

The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIMIT_INFINITY, but does not take the argument and environment pointers into account, which allows attackers to bypass this limitation.

Отчет

This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5,6, 7 and MRG-2. Future Linux kernel updates for the respective releases may address this issue.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelAffected
Red Hat Enterprise Linux 6kernelAffected
Red Hat Enterprise Linux 7kernelAffected
Red Hat Enterprise Linux 7kernel-altAffected
Red Hat Enterprise Linux 7kernel-rtAffected
Red Hat Enterprise MRG 2realtime-kernelAffected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-20
https://bugzilla.redhat.com/show_bug.cgi?id=1462147kernel: RLIMIT_STACK/RLIMIT_INFINITY string size limitation bypass

EPSS

Процентиль: 25%
0.00082
Низкий

2.9 Low

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2017-1000365

CVSS3: 7.8
ubuntu
больше 8 лет назад

The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but does not take the argument and environment pointers into account, which allows attackers to bypass this limitation. This affects Linux Kernel versions 4.11.5 and earlier. It appears that this feature was introduced in the Linux Kernel version 2.6.23.

nvd логотип

CVE-2017-1000365

CVSS3: 7.8
nvd
больше 8 лет назад

The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but does not take the argument and environment pointers into account, which allows attackers to bypass this limitation. This affects Linux Kernel versions 4.11.5 and earlier. It appears that this feature was introduced in the Linux Kernel version 2.6.23.

debian логотип

CVE-2017-1000365

CVSS3: 7.8
debian
больше 8 лет назад

The Linux Kernel imposes a size restriction on the arguments and envir ...

github логотип

GHSA-32r2-rwm4-hqgg

CVSS3: 7.8
github
больше 3 лет назад

The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but does not take the argument and environment pointers into account, which allows attackers to bypass this limitation. This affects Linux Kernel versions 4.11.5 and earlier. It appears that this feature was introduced in the Linux Kernel version 2.6.23.

fstec логотип

BDU:2017-01480

CVSS3: 7.8
fstec
больше 8 лет назад

Уязвимость реализации механизма Stack Guard-Page ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 25%
0.00082
Низкий

2.9 Low

CVSS3

Уязвимость CVE-2017-1000365