CVE-2017-1000374
First published: Mon Jun 19 2017(Updated: )
A flaw exists in NetBSD's implementation of the stack guard page that allows attackers to bypass it resulting in arbitrary code execution using certain setuid binaries. This affects NetBSD 7.1 and possibly earlier versions.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| NetBSD current | <=7.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-1000374?
CVE-2017-1000374 has a high severity rating due to its potential for arbitrary code execution.
How do I fix CVE-2017-1000374?
To fix CVE-2017-1000374, update to NetBSD version 7.2 or later to ensure the stack guard page is properly implemented.
Which versions of NetBSD are affected by CVE-2017-1000374?
CVE-2017-1000374 affects NetBSD 7.1 and possibly earlier versions.
What type of attack does CVE-2017-1000374 enable?
CVE-2017-1000374 enables attackers to bypass stack guard protections, potentially leading to arbitrary code execution.
What are setuid binaries in the context of CVE-2017-1000374?
Setuid binaries are programs that run with the privileges of the file owner, which can be exploited in the context of CVE-2017-1000374 for gaining elevated access.
- agent/references
- agent/type
- agent/author
- agent/severity
- agent/description
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/netbsd
- canonical/netbsd current
- version/netbsd current/7.1