gsd-2017-1000379
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
The Linux Kernel running on AMD64 systems will sometimes map the contents of PIE executable, the heap or ld.so to where the stack is mapped allowing attackers to more easily manipulate the stack. Linux Kernel version 4.11.5 is affected.
Aliases
Aliases
{ "GSD": { "alias": "CVE-2017-1000379", "description": "The Linux Kernel running on AMD64 systems will sometimes map the contents of PIE executable, the heap or ld.so to where the stack is mapped allowing attackers to more easily manipulate the stack. Linux Kernel version 4.11.5 is affected.", "id": "GSD-2017-1000379", "references": [ "https://www.suse.com/security/cve/CVE-2017-1000379.html", "https://access.redhat.com/errata/RHSA-2017:1842", "https://access.redhat.com/errata/RHSA-2017:1647", "https://access.redhat.com/errata/RHSA-2017:1616", "https://access.redhat.com/errata/RHSA-2017:1491", "https://access.redhat.com/errata/RHSA-2017:1490", "https://access.redhat.com/errata/RHSA-2017:1489", "https://access.redhat.com/errata/RHSA-2017:1488", "https://access.redhat.com/errata/RHSA-2017:1487", "https://access.redhat.com/errata/RHSA-2017:1486", "https://access.redhat.com/errata/RHSA-2017:1485", "https://access.redhat.com/errata/RHSA-2017:1484", "https://access.redhat.com/errata/RHSA-2017:1482", "https://security.archlinux.org/CVE-2017-1000379", "https://packetstormsecurity.com/files/cve/CVE-2017-1000379" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2017-1000379" ], "details": "The Linux Kernel running on AMD64 systems will sometimes map the contents of PIE executable, the heap or ld.so to where the stack is mapped allowing attackers to more easily manipulate the stack. Linux Kernel version 4.11.5 is affected.", "id": "GSD-2017-1000379", "modified": "2023-12-13T01:21:02.163933Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-1000379", "REQUESTER": "qsa@qualys.com", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Linux Kernel running on AMD64 systems will sometimes map the contents of PIE executable, the heap or ld.so to where the stack is mapped allowing attackers to more easily manipulate the stack. Linux Kernel version 4.11.5 is affected." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2017:1491", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1491" }, { "name": "RHSA-2017:1486", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1486" }, { "name": "RHSA-2017:1489", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1489" }, { "name": "RHSA-2017:1490", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1490" }, { "name": "https://access.redhat.com/security/cve/CVE-2017-1000379", "refsource": "CONFIRM", "url": "https://access.redhat.com/security/cve/CVE-2017-1000379" }, { "name": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt", "refsource": "MISC", "url": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt" }, { "name": "RHSA-2017:1482", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1482" }, { "name": "RHSA-2017:1647", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1647" }, { "name": "99284", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99284" }, { "name": "42275", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/42275/" }, { "name": "RHSA-2017:1616", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1616" }, { "name": "RHSA-2017:1712", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1712" }, { "name": "RHSA-2017:1487", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1487" }, { "name": "RHSA-2017:1484", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1484" }, { "name": "RHSA-2017:1842", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1842" }, { "name": "RHSA-2017:1485", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1485" }, { "name": "RHSA-2017:1488", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1488" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.10.107", "versionStartIncluding": "3.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.2.90", "versionStartIncluding": "2.6.12", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.16.45", "versionStartIncluding": "3.11", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.18.58", "versionStartIncluding": "3.17", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.1.42", "versionStartIncluding": "3.19", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.4.74", "versionStartIncluding": "4.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.9.34", "versionStartIncluding": "4.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.11.7", "versionStartIncluding": "4.10", "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-1000379" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "The Linux Kernel running on AMD64 systems will sometimes map the contents of PIE executable, the heap or ld.so to where the stack is mapped allowing attackers to more easily manipulate the stack. Linux Kernel version 4.11.5 is affected." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt", "refsource": "MISC", "tags": [ "Third Party Advisory" ], "url": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt" }, { "name": "https://access.redhat.com/security/cve/CVE-2017-1000379", "refsource": "CONFIRM", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://access.redhat.com/security/cve/CVE-2017-1000379" }, { "name": "99284", "refsource": "BID", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/99284" }, { "name": "42275", "refsource": "EXPLOIT-DB", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/42275/" }, { "name": "RHSA-2017:1842", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1842" }, { "name": "RHSA-2017:1712", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1712" }, { "name": "RHSA-2017:1647", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1647" }, { "name": "RHSA-2017:1616", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1616" }, { "name": "RHSA-2017:1491", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1491" }, { "name": "RHSA-2017:1490", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1490" }, { "name": "RHSA-2017:1489", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1489" }, { "name": "RHSA-2017:1488", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1488" }, { "name": "RHSA-2017:1487", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1487" }, { "name": "RHSA-2017:1486", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1486" }, { "name": "RHSA-2017:1485", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1485" }, { "name": "RHSA-2017:1484", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1484" }, { "name": "RHSA-2017:1482", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1482" } ] } }, "impact": { "baseMetricV2": { "cvssV2": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9 } }, "lastModifiedDate": "2023-01-17T21:03Z", "publishedDate": "2017-06-19T16:29Z" } } }
Loading...