PT-2017-2281 · Linux+5 · Linux Kernel+5

Publicado

2017-06-18

·

Atualizado

2018-10-18

·

CVE-2017-1000364

CVSS v3.1

7.4

Alta

VetorAV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux Kernel versions prior to 4.11.5
Description The issue is related to the implementation of the Stack Guard-Page mechanism in the Linux kernel, which can be exploited by moving the stack pointer to a different memory area without affecting the guard page. This can allow a local attacker to cause a denial of service (memory corruption). The problem is associated with the size of the stack guard page, which is not sufficiently large and can be bypassed.
Recommendations For Linux Kernel versions prior to 4.11.5, update to a version that includes the necessary security patches to address the stack guard page issue.

Exploit

Correção

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

ALT-PU-2017-1755
ALT-PU-2017-1808
ALT-PU-2017-1854
ALT-PU-2018-1991
BDU:2017-01479
CESA-2017_1484
CESA-2017_1486
CVE-2017-1000364
DLA-993-1
DSA-3886-1
DSA-3886-2
MGASA-2017-0186
MGASA-2017-0187
MGASA-2017-0188
OPENSUSE-SU-2017_1633-1
OPENSUSE-SU-2017_1685-1
RHSA-2017:1482
RHSA-2017:1483
RHSA-2017:1484
RHSA-2017:1485
RHSA-2017:1486
RHSA-2017:1487
RHSA-2017:1488
RHSA-2017:1489
RHSA-2017:1490
RHSA-2017:1491
RHSA-2017:1616
RHSA-2017:1647
RHSA-2017_1482
RHSA-2017_1484
RHSA-2017_1486
RHSA-2017_1616
SUSE-SU-2017:1613-1
SUSE-SU-2017:1615-1
SUSE-SU-2017:1617-1
SUSE-SU-2017:1618-1
SUSE-SU-2017:1628-1
SUSE-SU-2017:1696-1
SUSE-SU-2017:1704-1
SUSE-SU-2017:1706-1
SUSE-SU-2017:1707-1
SUSE-SU-2017:1735-1
SUSE-SU-2017:1903-1
SUSE-SU-2017:1904-1
SUSE-SU-2017:1905-1
SUSE-SU-2017:1906-1
SUSE-SU-2017:1907-1
SUSE-SU-2017:1908-1
SUSE-SU-2017:1909-1
SUSE-SU-2017:1910-1
SUSE-SU-2017:1911-1
SUSE-SU-2017:1912-1
SUSE-SU-2017:1913-1
SUSE-SU-2017:1914-1
SUSE-SU-2017:1915-1
SUSE-SU-2017:1922-1
SUSE-SU-2017:1923-1
SUSE-SU-2017:1924-1
SUSE-SU-2017:1925-1
SUSE-SU-2017:1937-1
SUSE-SU-2017:1939-1
SUSE-SU-2017:1941-1
SUSE-SU-2017:1942-1
SUSE-SU-2017:1943-1
SUSE-SU-2017:1944-1
SUSE-SU-2017:1945-1
SUSE-SU-2017:1946-1
SUSE-SU-2017:1990-1
SUSE-SU-2017:2342-1
SUSE-SU-2017_1615-1
SUSE-SU-2017_1617-1
SUSE-SU-2017_1618-1
SUSE-SU-2017_1628-1
SUSE-SU-2017_1905-1
SUSE-SU-2017_1906-1
SUSE-SU-2017_1909-1
SUSE-SU-2017_1910-1
SUSE-SU-2017_1912-1
SUSE-SU-2017_1915-1
SUSE-SU-2017_1922-1
SUSE-SU-2017_1924-1
SUSE-SU-2017_1937-1
SUSE-SU-2017_1939-1
SUSE-SU-2017_1941-1
SUSE-SU-2017_1942-1
SUSE-SU-2017_1943-1
SUSE-SU-2017_1944-1
SUSE-SU-2017_1945-1
SUSE-SU-2017_1946-1
USN-3324-1
USN-3325-1
USN-3326-1
USN-3327-1
USN-3328-1
USN-3329-1
USN-3330-1
USN-3331-1
USN-3332-1
USN-3333-1
USN-3334-1
USN-3335-1
USN-3335-2
USN-3338-1

Produtos afetados

Alt Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu