Vulnerability Details : CVE-2017-1000364
Public exploit exists!
An issue was discovered in the size of the stack guard page on Linux: a 4k stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed). This affects Linux kernel versions 4.11.5 and earlier (the stack guard page was introduced in 2010).
Vulnerability category: Overflow
Products affected by CVE-2017-1000364
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-1000364
- 0.32%: Probability of exploitation activity in the next 30 days
- ~70%: Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2017-1000364
- Solaris RSH Stack Clash Privilege Escalation
  Disclosure Date: 2017-06-19
  First seen: 2020-04-26
  exploit/solaris/local/rsh_stack_clash_priv_esc
  This module exploits a vulnerability in RSH on unpatched Solaris systems which allows users to gain root privileges. The stack guard page on unpatched Solaris systems is of insufficient size to prevent collisions between the stack and heap memory, aka Stack
CVSS scores for CVE-2017-1000364
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.2 | MEDIUM | AV:L/AC:H/Au:N/C:C/I:C/A:C | 1.9 | 10.0 | NIST | |
7.4 | HIGH | CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 1.4 | 5.9 | NIST | |
CWE ids for CVE-2017-1000364
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-1000364
- https://www.exploit-db.com/exploits/45625/
  Solaris - RSH Stack Clash Privilege Escalation (Metasploit)
- https://access.redhat.com/errata/RHSA-2017:1483
  RHSA-2017:1483 - Security Advisory - Red Hat Customer Portal
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03800en_us
  HPESBHF03800 rev.1 - HPE Comware 7 MSR Routers, Remote Denial of Service and Local Elevation or Privilege
- https://access.redhat.com/errata/RHSA-2017:1482
  RHSA-2017:1482 - Security Advisory - Red Hat Customer Portal
- https://access.redhat.com/errata/RHSA-2017:1489
  RHSA-2017:1489 - Security Advisory - Red Hat Customer Portal
- https://access.redhat.com/errata/RHSA-2017:1647
  RHSA-2017:1647 - Security Advisory - Red Hat Customer Portal
- https://www.suse.com/security/cve/CVE-2017-1000364/
  CVE-2017-1000364 | SUSE (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2017:1567
  RHSA-2017:1567 - Security Advisory - Red Hat Customer Portal
- https://access.redhat.com/errata/RHSA-2017:1491
  RHSA-2017:1491 - Security Advisory - Red Hat Customer Portal
- https://access.redhat.com/errata/RHSA-2017:1488
  RHSA-2017:1488 - Security Advisory - Red Hat Customer Portal
- https://access.redhat.com/errata/RHSA-2017:1487
  RHSA-2017:1487 - Security Advisory - Red Hat Customer Portal
- http://www.debian.org/security/2017/dsa-3886
  Debian -- Security Information -- DSA-3886-1 linux
- https://access.redhat.com/security/cve/CVE-2017-1000364
  CVE-2017-1000364 - Red Hat Customer Portal (Third Party Advisory; VDB Entry)
- https://access.redhat.com/errata/RHSA-2017:1485
  RHSA-2017:1485 - Security Advisory - Red Hat Customer Portal
- http://www.securitytracker.com/id/1038724
  Linux Kernel Small Stack Guard Page Lets Local Users Gain Elevated Privileges - SecurityTracker
- https://www.suse.com/support/kb/doc/?id=7020973
  SUSE products and a new security bug class referred to as "Stack Clash". | Support | SUSE (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2017:1484
  RHSA-2017:1484 - Security Advisory - Red Hat Customer Portal
- https://kc.mcafee.com/corporate/index?page=content&id=SB10207
  McAfee Security Bulletin - Threat Intelligence Exchange Server 2.1.0 Hotfix 1 update fixes Kernel related vulnerability and possible cross-site scripting attack (CVE-2017-1000364 and CVE-2017-3907)
- http://www.securityfocus.com/bid/99130
  Linux Kernel CVE-2017-1000364 Local Memory Corruption Vulnerability (Issue Tracking; VDB Entry)
- https://access.redhat.com/errata/RHSA-2017:1486
  RHSA-2017:1486 - Security Advisory - Red Hat Customer Portal
- https://kc.mcafee.com/corporate/index?page=content&id=SB10205
  McAfee Security Bulletin - Web Gateway update fixes vulnerabilities CVE-2012-6706, CVE-2017-1000364, CVE-2017-1000366, and CVE-2017-1000368
- https://access.redhat.com/errata/RHSA-2017:1616
  RHSA-2017:1616 - Security Advisory - Red Hat Customer Portal
- https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
  Third Party Advisory
- https://access.redhat.com/errata/RHSA-2017:1490
  RHSA-2017:1490 - Security Advisory - Red Hat Customer Portal
- https://access.redhat.com/errata/RHSA-2017:1712
  RHSA-2017:1712 - Security Advisory - Red Hat Customer Portal