PT-2015-5374 · Linux+5 · Linux Kernel+5

Hector Marco Gisbert

Publicado

2015-02-13

Atualizado

2019-11-05

CVE-2015-1593

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 3.19.1

Description The issue is related to the stack randomization feature in the Linux kernel, which uses incorrect data types for the results of bitwise left-shift operations. This makes it easier for attackers to bypass the Address Space Layout Randomization (ASLR) protection mechanism by predicting the address of the top of the stack. The problem is associated with the randomize stack top function in fs/binfmt elf.c and the stack maxrandom size function in arch/x86/mm/mmap.c.

Recommendations For Linux kernel versions prior to 3.19.1, update to version 3.19.1 or later to resolve the issue.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264

Identificadores relacionados

ALT-PU-2015-1186

ALT-PU-2015-1794

CESA-2015_1137

CESA-2015_1221

CESA-2019_3517

CVE-2015-1593

DLA-155-1

DSA-3170-1

MGASA-2015-0171

MGASA-2015-0172

MGASA-2015-0219

OPENSUSE-SU-2015_0713-1

OPENSUSE-SU-2015_0714-1

RHSA-2015:1137

RHSA-2015:1138

RHSA-2015:1139

RHSA-2015:1221

RHSA-2015_1137

RHSA-2015_1139

RHSA-2015_1221

RHSA-2019:3517

RHSA-2019_3517

SUSE-RU-2015:0621-1

SUSE-SU-2015:0581-1

SUSE-SU-2015:0736-1

SUSE-SU-2015:1174-1

SUSE-SU-2015:1376-1

USN-2560-1

USN-2561-1

USN-2562-1

USN-2563-1

USN-2564-1

USN-2565-1

Produtos afetados

Alt Linux

Centos

Linux Kernel

Red Hat

Suse

Ubuntu

PT-2015-5374 · Linux+5 · Linux Kernel+5

CVE-2015-1593

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 68