CVE-2017-1000364: Buffer Overflow
First published: Wed Jun 14 2017(Updated: )
A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a tracking bug for the kernel part of the mitigation. Upstream kernel patch: <a href="https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1be7107fbe18eed3e319a6c3e83c78254b693acb">https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1be7107fbe18eed3e319a6c3e83c78254b693acb</a>
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel | <0:2.6.18-348.33.2.el5 | 0:2.6.18-348.33.2.el5 |
| redhat/kernel | <0:2.6.18-420.el5 | 0:2.6.18-420.el5 |
| redhat/kernel | <0:2.6.32-696.3.2.el6 | 0:2.6.32-696.3.2.el6 |
| redhat/kernel | <0:2.6.32-220.72.2.el6 | 0:2.6.32-220.72.2.el6 |
| redhat/kernel | <0:2.6.32-358.79.2.el6 | 0:2.6.32-358.79.2.el6 |
| redhat/kernel | <0:2.6.32-431.80.2.el6 | 0:2.6.32-431.80.2.el6 |
| redhat/kernel | <0:2.6.32-504.60.2.el6 | 0:2.6.32-504.60.2.el6 |
| redhat/kernel | <0:2.6.32-573.42.2.el6 | 0:2.6.32-573.42.2.el6 |
| redhat/kernel-rt | <0:3.10.0-514.26.1.rt56.442.el7 | 0:3.10.0-514.26.1.rt56.442.el7 |
| redhat/kernel | <0:3.10.0-514.21.2.el7 | 0:3.10.0-514.21.2.el7 |
| redhat/kernel | <0:3.10.0-327.55.2.el7 | 0:3.10.0-327.55.2.el7 |
| redhat/kernel-rt | <1:3.10.0-514.rt56.228.el6 | 1:3.10.0-514.rt56.228.el6 |
| Linux Linux kernel | <=4.11.5 | |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.115-1 6.1.119-1 6.11.10-1 6.12.5-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2017-1000364 https://nvd.nist.gov/vuln/detail/CVE-2017-1000364 https://access.redhat.com/security/vulnerabilities/stackguard https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
- https://bugzilla.redhat.com/show_bug.cgi?id=1461333
- https://access.redhat.com/errata/RHSA-2017:1567
- https://access.redhat.com/errata/RHSA-2017:1483
- https://access.redhat.com/errata/RHSA-2017:1482
- https://access.redhat.com/errata/RHSA-2017:1486
- https://access.redhat.com/errata/RHSA-2017:1491
- https://access.redhat.com/errata/RHSA-2017:1490
- https://access.redhat.com/errata/RHSA-2017:1489
- https://access.redhat.com/errata/RHSA-2017:1488
- https://access.redhat.com/errata/RHSA-2017:1487
- https://access.redhat.com/errata/RHSA-2017:1616
- https://access.redhat.com/errata/RHSA-2017:1484
- https://access.redhat.com/errata/RHSA-2017:1485
- https://access.redhat.com/errata/RHSA-2017:1647
- https://access.redhat.com/security/cve/CVE-2017-1000364
- http://www.debian.org/security/2017/dsa-3886
- http://www.securityfocus.com/bid/99130
- http://www.securitytracker.com/id/1038724
- https://access.redhat.com/errata/RHSA-2017:1712
- https://kc.mcafee.com/corporate/index?page=content&id=SB10205
- https://kc.mcafee.com/corporate/index?page=content&id=SB10207
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03800en_us
- https://www.exploit-db.com/exploits/45625/
- https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
- https://www.suse.com/security/cve/CVE-2017-1000364/
- https://www.suse.com/support/kb/doc/?id=7020973
- https://kc.mcafee.com/corporate/index?page=content&id=SB10205
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03800en_us
- https://kc.mcafee.com/corporate/index?page=content&id=SB10207
- https://launchpad.net/bugs/cve/CVE-2017-1000364
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1be7107fbe18eed3e319a6c3e83c78254b693acb
- https://access.redhat.com/security/vulnerabilities/stackguard
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1462819
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1464237
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1464185
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-1000366
- https://security-tracker.debian.org/tracker/CVE-2017-1000364
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000364
- https://nvd.nist.gov/vuln/detail/CVE-2017-1000364
- https://ubuntu.com/security/CVE-2017-1000364
Parent vulnerabilities
(Appears in the following advisories)
- collector/redhat-cve
- collector/nvd-index
- agent/type
- agent/first-publish-date
- agent/remedy
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2017-1000364
- agent/author
- agent/weakness
- agent/severity
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/tags
- collector/usn-cve
- source/Ubuntu
- agent/description
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- agent/trending
- package-manager/redhat
- vendor/linux
- canonical/linux linux kernel
- version/linux linux kernel/4.11.5
- package-manager/debian