Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2017-1000365

The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but does not take the argument and environment pointers into account, which allows attackers to bypass this limitation. This affects Linux Kernel versions 4.11.5 and earlier. It appears that this feature was introduced in the Linux Kernel version 2.6.23.

Source

Severity Medium

Remote No

Type Insufficient validation

Description

The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but does not take the argument and environment pointers into account, which allows attackers to bypass this limitation. This affects Linux Kernel versions 4.11.5 and earlier. It appears that this feature was introduced in the Linux Kernel version 2.6.23.

AVG-312 linux-lts 4.9.33-1 Medium Vulnerable

AVG-323 linux 4.11.6-3 4.12.1-1 Medium Fixed

AVG-321 linux-hardened 4.11.6.d-1 4.15.15.a-1 Medium Fixed

AVG-311 linux-zen 4.11.6-3 4.14-1 Medium Fixed

https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=98da7d08850fb8bdeb395d6368ed15753304aa0c

Fixed in v4.12

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

Vulmon Search

About

Products

Connect