CVE-2017-1000365

HIGH

Description

The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but does not take the argument and environment pointers into account, which allows attackers to bypass this limitation. This affects Linux Kernel versions 4.11.5 and earlier. It appears that this feature was introduced in the Linux Kernel version 2.6.23.

References

http://www.debian.org/security/2017/dsa-3927

http://www.debian.org/security/2017/dsa-3945

http://www.securityfocus.com/bid/99156

https://access.redhat.com/security/cve/CVE-2017-1000365

https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt

Details

Source: MITRE

Published: 2017-06-19

Updated: 2017-11-04

Type: CWE-264

Risk Information

CVSS v2.0

Base Score: 7.2

Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C)

Impact Score: 10

Exploitability Score: 3.9

Severity: HIGH

CVSS v3.0

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.8

Severity: HIGH

Tenable Plugins

View all (39 total)

ID	Name	Product	Family	Severity
124823	EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1500)	Nessus	Huawei Local Security Checks	high
124821	EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1498)	Nessus	Huawei Local Security Checks	high
121098	Virtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2018-075)	Nessus	Virtuozzo Local Security Checks	high
121097	Virtuozzo 7 : readykernel-patch (VZA-2018-072)	Nessus	Virtuozzo Local Security Checks	high
106469	OracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0015) (BlueBorne) (Meltdown) (Spectre) (Stack Clash)	Nessus	OracleVM Local Security Checks	critical
105248	OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0174) (BlueBorne) (Dirty COW) (Stack Clash)	Nessus	OracleVM Local Security Checks	high
105247	Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3659) (BlueBorne) (Dirty COW) (Stack Clash)	Nessus	Oracle Linux Local Security Checks	high
105147	OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0173) (BlueBorne) (Stack Clash)	Nessus	OracleVM Local Security Checks	high
105145	Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2017-3658) (BlueBorne) (Stack Clash)	Nessus	Oracle Linux Local Security Checks	high
105144	Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3657) (BlueBorne) (Stack Clash)	Nessus	Oracle Linux Local Security Checks	high
104374	SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2920-1) (KRACK) (Stack Clash)	Nessus	SuSE Local Security Checks	critical
104271	SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2908-1) (KRACK) (Stack Clash)	Nessus	SuSE Local Security Checks	critical
104100	Juniper Junos Space < 17.1R1 Multiple Vulnerabilities (JSA10826)	Nessus	Junos Local Security Checks	high
103404	OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0152) (BlueBorne) (Stack Clash)	Nessus	OracleVM Local Security Checks	high
103402	Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2017-3622) (BlueBorne) (Stack Clash)	Nessus	Oracle Linux Local Security Checks	high
103401	Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3621) (BlueBorne) (Stack Clash)	Nessus	Oracle Linux Local Security Checks	high
103363	Debian DLA-1099-1 : linux security update (BlueBorne) (Stack Clash)	Nessus	Debian Local Security Checks	high
103354	SUSE SLES11 Security Update : kernel (SUSE-SU-2017:2525-1) (Stack Clash)	Nessus	SuSE Local Security Checks	critical
103110	SUSE SLES11 Security Update : kernel (SUSE-SU-2017:2389-1) (Stack Clash)	Nessus	SuSE Local Security Checks	high
102997	EulerOS 2.0 SP1 : kernel (EulerOS-SA-2017-1159)	Nessus	Huawei Local Security Checks	critical
102774	OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0145) (Stack Clash)	Nessus	OracleVM Local Security Checks	critical
102773	Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3609) (Stack Clash)	Nessus	Oracle Linux Local Security Checks	critical
102550	Debian DSA-3945-1 : linux - security update (Stack Clash)	Nessus	Debian Local Security Checks	high
102525	Ubuntu 14.04 LTS : linux-lts-xenial regression (USN-3392-2) (Stack Clash)	Nessus	Ubuntu Local Security Checks	high
102524	Ubuntu 16.04 LTS : linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon regression (USN-3392-1) (Stack Clash)	Nessus	Ubuntu Local Security Checks	high
102261	Ubuntu 14.04 LTS : linux vulnerabilities (USN-3381-1) (Stack Clash)	Nessus	Ubuntu Local Security Checks	high
102211	Debian DSA-3927-1 : linux - security update (Stack Clash)	Nessus	Debian Local Security Checks	high
102198	Ubuntu 14.04 LTS : linux-lts-xenial vulnerabilities (USN-3378-2) (Stack Clash)	Nessus	Ubuntu Local Security Checks	high
102197	Ubuntu 16.04 LTS : linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon vulnerabilities (USN-3378-1) (Stack Clash)	Nessus	Ubuntu Local Security Checks	high
102196	Ubuntu 16.04 LTS : linux-hwe vulnerabilities (USN-3377-2) (Stack Clash)	Nessus	Ubuntu Local Security Checks	high
102195	Ubuntu 17.04 : linux, linux-raspi2 vulnerabilities (USN-3377-1) (Stack Clash)	Nessus	Ubuntu Local Security Checks	high
101762	SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:1853-1) (Stack Clash)	Nessus	SuSE Local Security Checks	high
101723	Fedora 26 : kernel (2017-d3ed702fe4) (Stack Clash)	Nessus	Fedora Local Security Checks	high
101348	openSUSE Security Update : the Linux Kernel (openSUSE-2017-798) (Stack Clash)	Nessus	SuSE Local Security Checks	high
101170	Slackware 14.2 / current : kernel (SSA:2017-181-02) (Stack Clash)	Nessus	Slackware Local Security Checks	high
101115	Slackware 14.1 : Slackware 14.1 kernel (SSA:2017-180-01) (Stack Clash)	Nessus	Slackware Local Security Checks	high
101068	Fedora 24 : kernel (2017-05f10e29f4) (Stack Clash)	Nessus	Fedora Local Security Checks	high
101051	Slackware 14.2 / current : kernel (SSA:2017-177-01) (Stack Clash)	Nessus	Slackware Local Security Checks	high
101037	Fedora 25 : kernel (2017-d7bc1b3056) (Stack Clash)	Nessus	Fedora Local Security Checks	high