CVE-2016-3672

Published: 27/04/2016 Updated: 12/09/2023
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 465
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel up to and including 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits.

Vulnerable Product

canonical ubuntu linux 12.04

canonical ubuntu linux 15.10

canonical ubuntu linux 14.04

novell suse linux enterprise module for public cloud 12.0

novell suse linux enterprise server 12.0

novell suse linux enterprise live patching 12.0

novell suse linux enterprise real time extension 12.0

novell suse linux enterprise desktop 12.0

novell suse linux enterprise workstation extension 12.0

novell suse linux enterprise software development kit 12.0

linux linux kernel

Vendor Advisories

Synopsis: Important: kernel-rt security, bug fix, and enhancement update. Type/Severity: Security Advisory: Important. Topic: An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Sco ...
Synopsis: Important: kernel security, bug fix, and enhancement update. Type/Severity: Security Advisory: Important. Topic: An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring S ...
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2015-7515, CVE-2016-2184, CVE-2016-2185, CVE-2016-2186, CVE-2016-2187, CVE-2016-3136, CVE-2016-3137, CVE-2016-3138, CVE-2016-3140: Ralf Spenneberg of OpenSource Sec ...
An integer overflow vulnerability was found in xt_alloc_table_info, which on 32-bit systems can lead to small structure allocation and a copy_from_user based heap corruption (CVE-2016-3135). In the mark_source_chains function (net/ipv4/netfilter/ip_tables.c) it is possible for a user-supplied ipt_entry structure to have a large next_offset field. T ...
A weakness was found in the Linux ASLR implementation. Any user able to run 32-bit applications on an x86 machine can disable ASLR by setting the RLIMIT_STACK resource to unlimited ...
Several security issues were fixed in the kernel ...

Exploits

Source: hmarco.org/bugs/CVE-2016-3672-Unlimiting-the-stack-not-longer-disables-ASLR.html CVE-2016-3672 - Unlimiting the stack not longer disables ASLR. Authors: Hector Marco & Ismael Ripoll. CVE: CVE-2016-3672. Dates: April 2016. Description: We have fixed an old and very known weakness in the Linux ASLR implementation. Any user able to r ...
Nortek Linear eMerge E3 Access Controller versions 100-06 and below SSH/FTP remote root exploit ...
FaceSentry Access Control System version 648 facial biometric access control appliance ships with hard-coded and weak credentials for SSH access on port 23445 using the credentials wwwuser:123456. The root privilege escalation is done by abusing the insecure sudoers entry file ...

References

CWE-254
https://bugzilla.redhat.com/show_bug.cgi?id=1324749
https://github.com/torvalds/linux/commit/8b8addf891de8a00e4d39fc32f93f7c5eb8feceb
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8b8addf891de8a00e4d39fc32f93f7c5eb8feceb
http://www.ubuntu.com/usn/USN-2997-1
http://www.ubuntu.com/usn/USN-2996-1
http://www.ubuntu.com/usn/USN-3000-1
http://www.ubuntu.com/usn/USN-2998-1
http://www.ubuntu.com/usn/USN-3002-1
http://www.ubuntu.com/usn/USN-3003-1
http://www.ubuntu.com/usn/USN-3001-1
http://www.ubuntu.com/usn/USN-3004-1
http://www.ubuntu.com/usn/USN-2989-1
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html
http://www.securityfocus.com/bid/85884
http://www.debian.org/security/2016/dsa-3607
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html
http://hmarco.org/bugs/CVE-2016-3672-Unlimiting-the-stack-not-longer-dis
http://seclists.org/fulldisclosure/2016/Apr/26
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182524.html
https://www.exploit-db.com/exploits/39669/
http://hmarco.org/bugs/CVE-2016-3672-Unlimiting-the-stack-not-longer-disables-ASLR.html
http://www.securitytracker.com/id/1035506
https://access.redhat.com/errata/RHSA-2018:1062
https://access.redhat.com/errata/RHSA-2018:0676
http://www.securityfocus.com/archive/1/537996/100/0/threaded
https://nvd.nist.gov
https://usn.ubuntu.com/3003-1/
https://www.debian.org/security/./dsa-3607