Vulnerabilities > CVE-2017-1000364 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel

047910
CVSS 6.2 - MEDIUM
Attack vector
LOCAL
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
local
high complexity
linux
CWE-119
nessus
exploit available
metasploit

Summary

An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this affects Linux Kernel versions 4.11.5 and earlier (the stackguard page was introduced in 2010).

Vulnerable Configurations

Part Description Count
OS
Linux
2648

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Exploit-Db

descriptionSolaris - RSH Stack Clash Privilege Escalation (Metasploit). CVE-2017-1000364,CVE-2017-3629,CVE-2017-3630,CVE-2017-3631. Local exploit for Solaris platform. ...
fileexploits/solaris/local/45625.rb
idEDB-ID:45625
last seen2018-11-27
modified2018-10-16
platformsolaris
port
published2018-10-16
reporterExploit-DB
sourcehttps://old.exploit-db.com/download/45625/
titleSolaris - RSH Stack Clash Privilege Escalation (Metasploit)
typelocal

Metasploit

descriptionThis module exploits a vulnerability in RSH on unpatched Solaris systems which allows users to gain root privileges. The stack guard page on unpatched Solaris systems is of insufficient size to prevent collisions between the stack and heap memory, aka Stack Clash. This module uploads and executes Qualys' Solaris_rsh.c exploit, which exploits a vulnerability in RSH to bypass the stack guard page to write to the stack and create a SUID root shell. This module has offsets for Solaris versions 11.1 (x86) and Solaris 11.3 (x86). Exploitation will usually complete within a few minutes using the default number of worker threads (10). Occasionally, exploitation will fail. If the target system is vulnerable, usually re-running the exploit will be successful. This module has been tested successfully on Solaris 11.1 (x86) and Solaris 11.3 (x86).
idMSF:EXPLOIT/SOLARIS/LOCAL/RSH_STACK_CLASH_PRIV_ESC
last seen2020-06-13
modified2019-01-10
published2018-09-18
references
reporterRapid7
sourcehttps://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/solaris/local/rsh_stack_clash_priv_esc.rb
titleSolaris RSH Stack Clash Privilege Escalation

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-1628-1.NASL
    descriptionThe SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2017-1000364: The default stack guard page was too small and could be
    last seen2020-06-01
    modified2020-06-02
    plugin id100954
    published2017-06-21
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100954
    titleSUSE SLES11 Security Update : kernel (SUSE-SU-2017:1628-1) (Stack Clash)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2017:1628-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(100954);
      script_version("3.15");
      script_cvs_date("Date: 2019/09/11 11:22:15");
    
      script_cve_id("CVE-2017-1000364");
    
      script_name(english:"SUSE SLES11 Security Update : kernel (SUSE-SU-2017:1628-1) (Stack Clash)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various
    security and bugfixes. The following security bugs were fixed :
    
      - CVE-2017-1000364: The default stack guard page was too
        small and could be 'jumped over' by userland programs
        using more than one page of stack in functions and so
        lead to memory corruption. This update extends the stack
        guard page to 1 MB (for 4k pages) and 16 MB (for 64k
        pages) to reduce this attack vector. This is not a
        kernel bugfix, but a hardening measure against this kind
        of userland attack.(bsc#1039348)
    
    The update package also includes non-security fixes. See advisory for
    details.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1018074"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1035920"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1039348"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1042921"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1043234"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-1000364/"
      );
      # https://www.suse.com/support/update/announcement/2017/suse-su-20171628-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?86a5c7f1"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t
    patch sdksp4-kernel-13160=1
    
    SUSE Linux Enterprise Server 11-SP4:zypper in -t patch
    slessp4-kernel-13160=1
    
    SUSE Linux Enterprise Server 11-EXTRA:zypper in -t patch
    slexsp3-kernel-13160=1
    
    SUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch
    dbgsp4-kernel-13160=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'rsh_stack_clash_priv_esc.rb');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-man");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-ec2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-ec2-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-ec2-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-pae-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-pae-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-trace");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-trace-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-trace-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/06/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/06/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/06/21");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES11" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP4", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"kernel-ec2-3.0.101-104.2")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"kernel-ec2-base-3.0.101-104.2")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"kernel-ec2-devel-3.0.101-104.2")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"kernel-xen-3.0.101-104.2")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"kernel-xen-base-3.0.101-104.2")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"kernel-xen-devel-3.0.101-104.2")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"kernel-pae-3.0.101-104.2")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"kernel-pae-base-3.0.101-104.2")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"kernel-pae-devel-3.0.101-104.2")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"s390x", reference:"kernel-default-man-3.0.101-104.2")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"kernel-default-3.0.101-104.2")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"kernel-default-base-3.0.101-104.2")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"kernel-default-devel-3.0.101-104.2")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"kernel-source-3.0.101-104.2")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"kernel-syms-3.0.101-104.2")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"kernel-trace-3.0.101-104.2")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"kernel-trace-base-3.0.101-104.2")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"kernel-trace-devel-3.0.101-104.2")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"i586", reference:"kernel-ec2-3.0.101-104.2")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"i586", reference:"kernel-ec2-base-3.0.101-104.2")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"i586", reference:"kernel-ec2-devel-3.0.101-104.2")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"i586", reference:"kernel-xen-3.0.101-104.2")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"i586", reference:"kernel-xen-base-3.0.101-104.2")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"i586", reference:"kernel-xen-devel-3.0.101-104.2")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"i586", reference:"kernel-pae-3.0.101-104.2")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"i586", reference:"kernel-pae-base-3.0.101-104.2")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"i586", reference:"kernel-pae-devel-3.0.101-104.2")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-1491.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 6.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a kernel-side mitigation which increases the stack guard gap size from one page to 1 MiB to make successful exploitation of this issue more difficult. (CVE-2017-1000364, Important) Red Hat would like to thank Qualys Research Labs for reporting this issue. Bug Fix(es) : * Previously, a kernel panic occurred when the mcelog daemon executed a huge page memory offline. This update fixes the HugeTLB feature of the Linux kernel to check for the Page Table Entry (PTE) NULL pointer in the page_check_address() function. As a result, the kernel panic no longer occurs under the described circumstances. (BZ#1444342) * Previously, the kdump mechanism was trying to get the lock by the vmalloc_sync_all() function during a kernel panic. Consequently, a deadlock occurred, and the crashkernel did not boot. This update fixes the vmalloc_sync_all() function to avoid synchronizing the vmalloc area on the crashing CPU. As a result, the crashkernel parameter now boots as expected, and the kernel dump is collected successfully under the described circumstances. (BZ#1443494)
    last seen2020-06-01
    modified2020-06-02
    plugin id100901
    published2017-06-20
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100901
    titleRHEL 6 : kernel (RHSA-2017:1491) (Stack Clash)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2017:1491. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(100901);
      script_version("3.26");
      script_cvs_date("Date: 2019/10/24 15:35:43");
    
      script_cve_id("CVE-2017-1000364", "CVE-2017-1000379");
      script_xref(name:"RHSA", value:"2017:1491");
    
      script_name(english:"RHEL 6 : kernel (RHSA-2017:1491) (Stack Clash)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for kernel is now available for Red Hat Enterprise Linux 6.2
    Advanced Update Support.
    
    Red Hat Product Security has rated this update as having a security
    impact of Important. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    Security Fix(es) :
    
    * A flaw was found in the way memory was being allocated on the stack
    for user space binaries. If heap (or different memory region) and
    stack memory regions were adjacent to each other, an attacker could
    use this flaw to jump over the stack guard gap, cause controlled
    memory corruption on process stack or the adjacent memory region, and
    thus increase their privileges on the system. This is a kernel-side
    mitigation which increases the stack guard gap size from one page to 1
    MiB to make successful exploitation of this issue more difficult.
    (CVE-2017-1000364, Important)
    
    Red Hat would like to thank Qualys Research Labs for reporting this
    issue.
    
    Bug Fix(es) :
    
    * Previously, a kernel panic occurred when the mcelog daemon executed
    a huge page memory offline. This update fixes the HugeTLB feature of
    the Linux kernel to check for the Page Table Entry (PTE) NULL pointer
    in the page_check_address() function. As a result, the kernel panic no
    longer occurs under the described circumstances. (BZ#1444342)
    
    * Previously, the kdump mechanism was trying to get the lock by the
    vmalloc_sync_all() function during a kernel panic. Consequently, a
    deadlock occurred, and the crashkernel did not boot. This update fixes
    the vmalloc_sync_all() function to avoid synchronizing the vmalloc
    area on the crashing CPU. As a result, the crashkernel parameter now
    boots as expected, and the kernel dump is collected successfully under
    the described circumstances. (BZ#1443494)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/vulnerabilities/stackguard"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2017:1491"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-1000364"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-1000379"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'rsh_stack_clash_priv_esc.rb');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-firmware");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.2");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/06/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/06/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/06/20");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6\.2([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.2", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2017-1000364", "CVE-2017-1000379");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for RHSA-2017:1491");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2017:1491";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"kernel-2.6.32-220.72.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"kernel-debug-2.6.32-220.72.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"kernel-debug-debuginfo-2.6.32-220.72.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"kernel-debug-devel-2.6.32-220.72.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"kernel-debuginfo-2.6.32-220.72.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-2.6.32-220.72.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"kernel-devel-2.6.32-220.72.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", reference:"kernel-doc-2.6.32-220.72.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", reference:"kernel-firmware-2.6.32-220.72.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"kernel-headers-2.6.32-220.72.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"perf-2.6.32-220.72.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"perf-debuginfo-2.6.32-220.72.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"python-perf-2.6.32-220.72.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"python-perf-debuginfo-2.6.32-220.72.2.el6")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-debug / kernel-debug-debuginfo / kernel-debug-devel / etc");
      }
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-993.NASL
    descriptionSeveral vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2017-7487 Li Qiang reported a reference counter leak in the ipxitf_ioctl function which may result into a use-after-free vulnerability, triggerable when a IPX interface is configured. CVE-2017-7645 Tuomas Haanpaa and Matti Kamunen from Synopsys Ltd discovered that the NFSv2 and NFSv3 server implementations are vulnerable to an out-of-bounds memory access issue while processing arbitrarily long arguments sent by NFSv2/NFSv3 PRC clients, leading to a denial of service. CVE-2017-7895 Ari Kauppi from Synopsys Ltd discovered that the NFSv2 and NFSv3 server implementations do not properly handle payload bounds checking of WRITE requests. A remote attacker with write access to a NFS mount can take advantage of this flaw to read chunks of arbitrary memory from both kernel-space and user-space. CVE-2017-8890 It was discovered that the net_csk_clone_lock() function allows a remote attacker to cause a double free leading to a denial of service or potentially have other impact. CVE-2017-8924 Johan Hovold found that the io_ti USB serial driver could leak sensitive information if a malicious USB device was connected. CVE-2017-8925 Johan Hovold found a reference counter leak in the omninet USB serial driver, resulting in a use-after-free vulnerability. This can be triggered by a local user permitted to open tty devices. CVE-2017-9074 Andrey Konovalov reported that the IPv6 fragmentation implementation could read beyond the end of a packet buffer. A local user or guest VM might be able to use this to leak sensitive information or to cause a denial of service (crash). CVE-2017-9075 Andrey Konovalov reported that the SCTP/IPv6 implementation wrongly initialised address lists on connected sockets, resulting in a use-after-free vulnerability, a similar issue to CVE-2017-8890. This can be triggered by any local user. CVE-2017-9076 / CVE-2017-9077 Cong Wang found that the TCP/IPv6 and DCCP/IPv6 implementations wrongly initialised address lists on connected sockets, a similar issue to CVE-2017-9075. CVE-2017-9242 Andrey Konovalov reported a packet buffer overrun in the IPv6 implementation. A local user could use this for denial of service (memory corruption; crash) and possibly for privilege escalation. CVE-2017-1000364 The Qualys Research Labs discovered that the size of the stack guard page is not sufficiently large. The stack-pointer can jump over the guard-page and moving from the stack into another memory region without accessing the guard-page. In this case no page-fault exception is raised and the stack extends into the other memory region. An attacker can exploit this flaw for privilege escalation. The default stack gap protection is set to 256 pages and can be configured via the stack_guard_gap kernel parameter on the kernel command line. Further details can be found at https://www.qualys.com/2017/06/19/stack-clash/stack-clash.tx t For Debian 7
    last seen2020-03-17
    modified2017-06-20
    plugin id100876
    published2017-06-20
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100876
    titleDebian DLA-993-2 : linux regression update (Stack Clash)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2017-3658.NASL
    descriptionDescription of changes: [2.6.39-400.298.1.el6uek] - ocfs2/dlm: ignore cleaning the migration mle that is inuse (xuejiufei) [Orabug: 23320090] - tty: Fix race in pty_write() leading to NULL deref (Todd Vierling) [Orabug: 24337879] - xen-netfront: cast grant table reference first to type int (Dongli Zhang) [Orabug: 25102637] - xen-netfront: do not cast grant table reference to signed short (Dongli Zhang) [Orabug: 25102637] - RDS: Print failed rdma op details if failure is remote access error (Rama Nichanamatlu) [Orabug: 25440316] - ping: implement proper locking (Eric Dumazet) [Orabug: 26540288] {CVE-2017-2671} - KEYS: fix dereferencing NULL payload with nonzero length (Eric Biggers) [Orabug: 26592013] - oracleasm: Copy the integrity descriptor (Martin K. Petersen) [Orabug: 26650039] - mm: Tighten x86 /dev/mem with zeroing reads (Kees Cook) [Orabug: 26675934] {CVE-2017-7889} - fs: __generic_file_splice_read retry lookup on AOP_TRUNCATED_PAGE (Abhi Das) [Orabug: 26797307] - xscore: add dma address check (Zhu Yanjun) [Orabug: 27058559] - more bio_map_user_iov() leak fixes (Al Viro) [Orabug: 27069045] {CVE-2017-12190} - fix unbalanced page refcounting in bio_map_user_iov (Vitaly Mayatskikh) [Orabug: 27069045] {CVE-2017-12190} - xsigo: [backport] Fix race in freeing aged Forwarding tables (Pradeep Gopanapalli) [Orabug: 24823234] - ocfs2: fix deadlock issue when taking inode lock at vfs entry points (Eric Ren) [Orabug: 25671723] - ocfs2/dlmglue: prepare tracking logic to avoid recursive cluster lock (Eric Ren) [Orabug: 25671723] - net/packet: fix overflow in check for tp_reserve (Andrey Konovalov) [Orabug: 26143563] {CVE-2017-7308} - net/packet: fix overflow in check for tp_frame_nr (Andrey Konovalov) [Orabug: 26143563] {CVE-2017-7308} - char: lp: fix possible integer overflow in lp_setup() (Willy Tarreau) [Orabug: 26403941] {CVE-2017-1000363} - ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT (Takashi Iwai) [Orabug: 26403958] {CVE-2017-1000380} - ALSA: timer: Fix race between read and ioctl (Takashi Iwai) [Orabug: 26403958] {CVE-2017-1000380} - ALSA: timer: fix NULL pointer dereference in read()/ioctl() race (Vegard Nossum) [Orabug: 26403958] {CVE-2017-1000380} - ALSA: timer: Fix negative queue usage by racy accesses (Takashi Iwai) [Orabug: 26403958] {CVE-2017-1000380} - ALSA: timer: Fix race at concurrent reads (Takashi Iwai) [Orabug: 26403958] {CVE-2017-1000380} - ALSA: timer: Fix race among timer ioctls (Takashi Iwai) [Orabug: 26403958] {CVE-2017-1000380} - ipv6: xfrm: Handle errors reported by xfrm6_find_1stfragopt() (Ben Hutchings) [Orabug: 26403974] {CVE-2017-9074} - ipv6: Check ip6_find_1stfragopt() return value properly. (David S. Miller) [Orabug: 26403974] {CVE-2017-9074} - ipv6: Prevent overrun when parsing v6 header options (Craig Gallek) [Orabug: 26403974] {CVE-2017-9074} - ipv6/dccp: do not inherit ipv6_mc_list from parent (WANG Cong) [Orabug: 26404007] {CVE-2017-9077} - aio: mark AIO pseudo-fs noexec (Jann Horn) [Orabug: 26643601] {CVE-2016-10044} - vfs: Commit to never having exectuables on proc and sysfs. (Eric W. Biederman) [Orabug: 26643601] {CVE-2016-10044} - vfs, writeback: replace FS_CGROUP_WRITEBACK with SB_I_CGROUPWB (Tejun Heo) [Orabug: 26643601] {CVE-2016-10044} - x86/acpi: Prevent out of bound access caused by broken ACPI tables (Seunghun Han) [Orabug: 26643652] {CVE-2017-11473} - sctp: do not inherit ipv6_{mc|ac|fl}_list from parent (Eric Dumazet) [Orabug: 26650889] {CVE-2017-9075} - saa7164: fix double fetch PCIe access condition (Steven Toth) [Orabug: 26675148] {CVE-2017-8831} - saa7164: fix sparse warnings (Hans Verkuil) [Orabug: 26675148] {CVE-2017-8831} - saa7164: get rid of warning: no previous prototype (Mauro Carvalho Chehab) [Orabug: 26675148] {CVE-2017-8831} - [scsi] lpfc 8.3.44: Fix kernel panics from corrupted ndlp (James Smart) [Orabug: 26765341] - timerfd: Protect the might cancel mechanism proper (Thomas Gleixner) [Orabug: 26899791] {CVE-2017-10661} - scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn
    last seen2020-06-05
    modified2017-12-11
    plugin id105145
    published2017-12-11
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105145
    titleOracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2017-3658) (BlueBorne) (Stack Clash)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-1942-1.NASL
    descriptionThis update for the Linux Kernel 3.12.67-60_64_24 fixes several issues. The following security bugs were fixed : - CVE-2017-1000364: An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be
    last seen2020-06-01
    modified2020-06-02
    plugin id101944
    published2017-07-25
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101944
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:1942-1) (Stack Clash)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-1945-1.NASL
    descriptionThis update for the Linux Kernel 3.12.61-52_69 fixes several issues. The following security bugs were fixed : - CVE-2017-1000364: An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be
    last seen2020-06-01
    modified2020-06-02
    plugin id101947
    published2017-07-25
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101947
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:1945-1) (Stack Clash)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-1647.NASL
    descriptionAn update for kernel-rt is now available for Red Hat Enterprise MRG 2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es) : * A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a kernel-side mitigation which increases the stack guard gap size from one page to 1 MiB to make successful exploitation of this issue more difficult. (CVE-2017-1000364, Important) * The NFS2/3 RPC client could send long arguments to the NFS server. These encoded arguments are stored in an array of memory pages, and accessed using pointer variables. Arbitrarily long arguments could make these pointers point outside the array and cause an out-of-bounds memory access. A remote user or program could use this flaw to crash the kernel, resulting in denial of service. (CVE-2017-7645, Important) * The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly cause other unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. (CVE-2017-7895, Important) * A flaw was found in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id101103
    published2017-06-29
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101103
    titleRHEL 6 : MRG (RHSA-2017:1647) (Stack Clash)
  • NASL familyVirtuozzo Local Security Checks
    NASL idVIRTUOZZO_VZLSA-2017-1486.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a kernel-side mitigation which increases the stack guard gap size from one page to 1 MiB to make successful exploitation of this issue more difficult. (CVE-2017-1000364, Important) Red Hat would like to thank Qualys Research Labs for reporting this issue. Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id101484
    published2017-07-13
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101484
    titleVirtuozzo 6 : kernel / kernel-abi-whitelists / kernel-debug / etc (VZLSA-2017-1486)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-1485.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a kernel-side mitigation which increases the stack guard gap size from one page to 1 MiB to make successful exploitation of this issue more difficult. (CVE-2017-1000364, Important) Red Hat would like to thank Qualys Research Labs for reporting this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id100895
    published2017-06-20
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100895
    titleRHEL 7 : kernel (RHSA-2017:1485) (Stack Clash)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-1707-1.NASL
    descriptionThis Linux kernel update for SUSE Linux Enterprise 12 SP2 fixes the following issues : - A previous security update to address CVE-2017-1000364 caused unintended side-effects in several other tools, most notably Java. These issues have been remedied. [bsc#1045340] Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id101106
    published2017-06-29
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101106
    titleSUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:1707-1) (Stack Clash)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2017-0174.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2017-0174 for details.
    last seen2020-06-05
    modified2017-12-14
    plugin id105248
    published2017-12-14
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105248
    titleOracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0174) (BlueBorne) (Dirty COW) (Stack Clash)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2017-1486.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a kernel-side mitigation which increases the stack guard gap size from one page to 1 MiB to make successful exploitation of this issue more difficult. (CVE-2017-1000364, Important) Red Hat would like to thank Qualys Research Labs for reporting this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id100938
    published2017-06-21
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100938
    titleCentOS 6 : kernel (CESA-2017:1486) (Stack Clash)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2017-1486.NASL
    descriptionFrom Red Hat Security Advisory 2017:1486 : An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a kernel-side mitigation which increases the stack guard gap size from one page to 1 MiB to make successful exploitation of this issue more difficult. (CVE-2017-1000364, Important) Red Hat would like to thank Qualys Research Labs for reporting this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id100889
    published2017-06-20
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100889
    titleOracle Linux 6 : kernel (ELSA-2017-1486) (Stack Clash)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-1906-1.NASL
    descriptionThis update for the Linux Kernel 3.12.60-52_60 fixes several issues. The following security bugs were fixed : - CVE-2017-1000364: An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be
    last seen2020-06-01
    modified2020-06-02
    plugin id101886
    published2017-07-21
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101886
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:1906-1) (Stack Clash)
  • NASL familyF5 Networks Local Security Checks
    NASL idF5_BIGIP_SOL51931024.NASL
    descriptionAn issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be
    last seen2020-03-19
    modified2017-12-28
    plugin id105469
    published2017-12-28
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105469
    titleF5 Networks BIG-IP : Linux kernel vulnerability (K51931024) (Stack Clash)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-1616.NASL
    descriptionAn update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es) : * A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a kernel-side mitigation which increases the stack guard gap size from one page to 1 MiB to make successful exploitation of this issue more difficult. (CVE-2017-1000364, Important) * A flaw was found in the way Linux kernel allocates heap memory to build the scattergather list from a fragment list(skb_shinfo(skb)->frag_list) in the socket buffer(skb_buff). The heap overflow occurred if
    last seen2020-06-01
    modified2020-06-02
    plugin id101102
    published2017-06-29
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101102
    titleRHEL 7 : kernel-rt (RHSA-2017:1616) (Stack Clash)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3326-1.NASL
    descriptionIt was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-7374) It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges (CVE-2017-1000364) Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363) Ingo Molnar discovered that the VideoCore DRM driver in the Linux kernel did not return an error after detecting certain overflows. A local attacker could exploit this issue to cause a denial of service (OOPS). (CVE-2017-5577) A double free bug was discovered in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890) Andrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id100924
    published2017-06-20
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100924
    titleUbuntu 16.10 : linux, linux-meta vulnerabilities (USN-3326-1) (Stack Clash)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2017-1154.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be
    last seen2020-05-06
    modified2017-08-08
    plugin id102241
    published2017-08-08
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/102241
    titleEulerOS 2.0 SP1 : kernel (EulerOS-SA-2017-1154)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-1484.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a kernel-side mitigation which increases the stack guard gap size from one page to 1 MiB to make successful exploitation of this issue more difficult. (CVE-2017-1000364, Important) Red Hat would like to thank Qualys Research Labs for reporting this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id100894
    published2017-06-20
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100894
    titleRHEL 7 : kernel (RHSA-2017:1484) (Stack Clash)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-1915-1.NASL
    descriptionThis update for the Linux Kernel 3.12.74-60_64_45 fixes several issues. The following bugs were fixed : - CVE-2017-1000364: The previous fix for the stack gap increase tracked by CVE-2017-1000364 had a regression, which is fixed by this follow up patch. (bsc#1039496) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id101890
    published2017-07-21
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101890
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:1915-1) (Stack Clash)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3329-1.NASL
    descriptionIt was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges (CVE-2017-1000364) Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363) A reference count bug was discovered in the Linux kernel ipx protocol stack. A local attacker could exploit this flaw to cause a denial of service or possibly other unspecified problems. (CVE-2017-7487) A double free bug was discovered in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890) Andrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id100927
    published2017-06-20
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100927
    titleUbuntu 16.04 LTS : linux-gke, linux-meta-gke vulnerabilities (USN-3329-1) (Stack Clash)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2017-734.NASL
    descriptionThe openSUSE Leap 42.2 kernel was updated to 4.4.73 to receive security and bugfixes. The following security bugs were fixed : - CVE-2017-1000364: An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be
    last seen2020-06-05
    modified2017-06-30
    plugin id101134
    published2017-06-30
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101134
    titleopenSUSE Security Update : the Linux Kernel (openSUSE-2017-734) (Stack Clash)
  • NASL familyVirtuozzo Local Security Checks
    NASL idVIRTUOZZO_VZA-2017-056.NASL
    descriptionAccording to the version of the crit / criu / criu-devel / python-criu / vzkernel / etc packages installed, the Virtuozzo installation on the remote host is affected by the following vulnerability : - A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a kernel-side mitigation which increases the stack guard gap size from one page to 1 MiB to make successful exploitation of this issue more difficult. Note that Tenable Network Security has extracted the preceding description block directly from the Virtuozzo security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id101053
    published2017-06-27
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101053
    titleVirtuozzo 7 : crit / criu / criu-devel / python-criu / vzkernel / etc (VZA-2017-056)
  • NASL familyVirtuozzo Local Security Checks
    NASL idVIRTUOZZO_VZLSA-2017-1484.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a kernel-side mitigation which increases the stack guard gap size from one page to 1 MiB to make successful exploitation of this issue more difficult. (CVE-2017-1000364, Important) Red Hat would like to thank Qualys Research Labs for reporting this issue. Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id101483
    published2017-07-13
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101483
    titleVirtuozzo 7 : kernel / kernel-abi-whitelists / kernel-debug / etc (VZLSA-2017-1484)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3334-1.NASL
    descriptionIt was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges (CVE-2017-1000364) Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363) A reference count bug was discovered in the Linux kernel ipx protocol stack. A local attacker could exploit this flaw to cause a denial of service or possibly other unspecified problems. (CVE-2017-7487) A double free bug was discovered in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890) Andrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id100932
    published2017-06-20
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100932
    titleUbuntu 14.04 LTS : linux-lts-xenial, linux-meta-lts-xenial vulnerabilities (USN-3334-1) (Stack Clash)
  • NASL familyFirewalls
    NASL idFIREEYE_OS_EX_801.NASL
    descriptionThe remote host is running a version of FireEye Operating System (FEOS) that is affected by multiple vulnerabilities. See vendor release notes for details.
    last seen2020-06-01
    modified2020-06-02
    plugin id103673
    published2017-10-05
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103673
    titleFireEye Operating System Multiple Vulnerabilities (AX < 7.7.7 / EX < 8.0.1)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2017-0126.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2017-0126 for details.
    last seen2020-06-01
    modified2020-06-02
    plugin id102064
    published2017-07-31
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/102064
    titleOracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0126) (Stack Clash)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2017-1842-1.NASL
    descriptionThe remote Oracle Linux host is missing a security update for the kernel package(s).
    last seen2020-06-01
    modified2020-06-02
    plugin id102511
    published2017-08-16
    reporterThis script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/102511
    titleOracle Linux 7 : kernel (ELSA-2017-1842-1) (Stack Clash)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2017-1484.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a kernel-side mitigation which increases the stack guard gap size from one page to 1 MiB to make successful exploitation of this issue more difficult. (CVE-2017-1000364, Important) Red Hat would like to thank Qualys Research Labs for reporting this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id100937
    published2017-06-21
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100937
    titleCentOS 7 : kernel (CESA-2017:1484) (Stack Clash)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-1946-1.NASL
    descriptionThis update for the Linux Kernel 3.12.67-60_64_21 fixes several issues. The following security bugs were fixed : - CVE-2017-1000364: An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be
    last seen2020-06-01
    modified2020-06-02
    plugin id101948
    published2017-07-25
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101948
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:1946-1) (Stack Clash)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2017-3595.NASL
    descriptionThe remote Oracle Linux host is missing a security update for the Unbreakable Enterprise kernel package(s).
    last seen2020-06-01
    modified2020-06-02
    plugin id102059
    published2017-07-31
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/102059
    titleOracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3595) (Stack Clash)
  • NASL familyMisc.
    NASL idMCAFEE_WEB_GATEWAY_SB10205.NASL
    descriptionThe remote host is running a version of McAfee Web Gateway (MWG) that is affected by multiple security vulnerabilities : - A memory corruption flaw exists in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products that allows remote attackers to execute arbitrary code. (CVE-2012-6706) - A memory corruption flaw exists in Linux Kernel versions 4.11.5 and earlier that allows remote attacks to execute arbitrary code with elevated privileges.(CVE-2017-1000364) - A memory corruption flaw exists in the handling of LD_LIBRARY_PATH that allows a remote attacker to manipulate the heap/stack that may lead to arbitrary code execution. This issue only affects GNU glibc 2.25 and prior. (CVE-2017-1000366) - An input validation flaw exists in Todd Miller
    last seen2020-06-13
    modified2017-08-15
    plugin id102496
    published2017-08-15
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/102496
    titleMcAfee Web Gateway 7.6.x < 7.6.2.15 / 7.7.x < 7.7.2.3 Multiple Vulnerabilities (SB10205)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-1910-1.NASL
    descriptionThis update for the Linux Kernel 3.12.62-60_64_8 fixes several issues. The following security bugs were fixed : - CVE-2017-1000364: An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be
    last seen2020-06-01
    modified2020-06-02
    plugin id101888
    published2017-07-21
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101888
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:1910-1) (Stack Clash)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-1487.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 6.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a kernel-side mitigation which increases the stack guard gap size from one page to 1 MiB to make successful exploitation of this issue more difficult. (CVE-2017-1000364, Important) Red Hat would like to thank Qualys Research Labs for reporting this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id100897
    published2017-06-20
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100897
    titleRHEL 6 : kernel (RHSA-2017:1487) (Stack Clash)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2017-0145.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2017-0145 for details.
    last seen2020-06-01
    modified2020-06-02
    plugin id102774
    published2017-08-25
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/102774
    titleOracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0145) (Stack Clash)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-1618-1.NASL
    descriptionThe SUSE Linux Enterprise 12 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2017-1000364: The default stack guard page was too small and could be
    last seen2020-06-01
    modified2020-06-02
    plugin id100916
    published2017-06-20
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100916
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:1618-1) (Stack Clash)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-1905-1.NASL
    descriptionThis update for the Linux Kernel 3.12.60-52_57 fixes several issues. The following security bugs were fixed : - CVE-2017-1000364: An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be
    last seen2020-06-01
    modified2020-06-02
    plugin id101885
    published2017-07-21
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101885
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:1905-1) (Stack Clash)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-D3ED702FE4.NASL
    descriptionThe 4.11.6 update contains a number of important fixes across the tree, including the recently announced
    last seen2020-06-05
    modified2017-07-17
    plugin id101723
    published2017-07-17
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101723
    titleFedora 26 : kernel (2017-d3ed702fe4) (Stack Clash)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20170619_KERNEL_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a kernel-side mitigation which increases the stack guard gap size from one page to 1 MiB to make successful exploitation of this issue more difficult. (CVE-2017-1000364, Important)
    last seen2020-03-18
    modified2017-06-20
    plugin id100906
    published2017-06-20
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100906
    titleScientific Linux Security Update : kernel on SL7.x x86_64 (20170619) (Stack Clash)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3338-1.NASL
    descriptionIt was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges (CVE-2017-1000364) Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges. (CVE-2016-4997). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id100990
    published2017-06-22
    reporterUbuntu Security Notice (C) 2017-2018 Canonical, Inc. / NASL script (C) 2017-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/100990
    titleUbuntu 12.04 LTS : linux vulnerabilities (USN-3338-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-1696-1.NASL
    descriptionThis Linux kernel update for SUSE Linux Enterprise 11 SP4 fixes the following issues : - A previous security update to address CVE-2017-1000364 caused unintended side-effects in several other tools, most notably Java. These issues have been remedied. [bsc#1045340, bsc#1045406] Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id101061
    published2017-06-27
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101061
    titleSUSE SLES11 Security Update : kernel-source (SUSE-SU-2017:1696-1) (Stack Clash)
  • NASL familyJunos Local Security Checks
    NASL idJUNIPER_SPACE_JSA10917_184R1.NASL
    descriptionAccording to its self-reported version number, the remote Junos Space version is 18.4.x prior to 18.4R1. It is, therefore, affected by multiple vulnerabilities : - An integer overflow issue exists in procps-ng. This is related to CVE-2018-1124. (CVE-2018-1126) - A directory traversal issue exits in reposync, a part of yum-utils.tory configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. (CVE-2018-10897) - An integer overflow flaw was found in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id121068
    published2019-01-10
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121068
    titleJuniper Junos Space 18.4.x < 18.4R1 Multiple Vulnerabilities (JSA10917)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-1943-1.NASL
    descriptionThis update for the Linux Kernel 3.12.74-60_64_40 fixes one issue. The following security bugs were fixed : - CVE-2017-1000364: An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be
    last seen2020-06-01
    modified2020-06-02
    plugin id101945
    published2017-07-25
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101945
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:1943-1) (Stack Clash)
  • NASL familyVirtuozzo Local Security Checks
    NASL idVIRTUOZZO_VZA-2017-061.NASL
    descriptionAccording to the version of the parallels-server-bm-release / vzkernel / etc packages installed, the Virtuozzo installation on the remote host is affected by the following vulnerability : - An updated fix for CVE-2017-1000364 (kernel: heap/stack gap jumping via unbounded stack allocations). The fix released in the 042stab123.8 kernel was not fully correct. Note that Tenable Network Security has extracted the preceding description block directly from the Virtuozzo security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id101207
    published2017-07-05
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101207
    titleVirtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2017-061)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-05F10E29F4.NASL
    descriptionThe 4.11.6 update contains a number of important fixes across the tree, including the recently announced
    last seen2020-06-05
    modified2017-06-28
    plugin id101068
    published2017-06-28
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101068
    titleFedora 24 : kernel (2017-05f10e29f4) (Stack Clash)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3330-1.NASL
    descriptionIt was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges (CVE-2017-1000364) Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363) A reference count bug was discovered in the Linux kernel ipx protocol stack. A local attacker could exploit this flaw to cause a denial of service or possibly other unspecified problems. (CVE-2017-7487) A double free bug was discovered in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890) Andrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id100928
    published2017-06-20
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100928
    titleUbuntu 16.04 LTS : linux-meta-snapdragon, linux-snapdragon vulnerabilities (USN-3330-1) (Stack Clash)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2018-0015.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2018-0015 for details.
    last seen2020-06-01
    modified2020-06-02
    plugin id106469
    published2018-01-30
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/106469
    titleOracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0015) (BlueBorne) (Meltdown) (Spectre) (Stack Clash)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2017-1155.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be
    last seen2020-05-06
    modified2017-08-08
    plugin id102242
    published2017-08-08
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/102242
    titleEulerOS 2.0 SP2 : kernel (EulerOS-SA-2017-1155)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-1617-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2017-1000364: The default stack guard page was too small and could be
    last seen2020-06-01
    modified2020-06-02
    plugin id100915
    published2017-06-20
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100915
    titleSUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:1617-1) (Stack Clash)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-1489.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support and Red Hat Enterprise Linux 6.5 Telco Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a kernel-side mitigation which increases the stack guard gap size from one page to 1 MiB to make successful exploitation of this issue more difficult. (CVE-2017-1000364, Important) Red Hat would like to thank Qualys Research Labs for reporting this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id100899
    published2017-06-20
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100899
    titleRHEL 6 : kernel (RHSA-2017:1489) (Stack Clash)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-1937-1.NASL
    descriptionThis update for the Linux Kernel 3.12.69-60_64_29 fixes several issues. The following security bugs were fixed : - CVE-2017-1000364: An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be
    last seen2020-06-01
    modified2020-06-02
    plugin id101940
    published2017-07-25
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101940
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:1937-1) (Stack Clash)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-1490.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 6.4 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a kernel-side mitigation which increases the stack guard gap size from one page to 1 MiB to make successful exploitation of this issue more difficult. (CVE-2017-1000364, Important) Red Hat would like to thank Qualys Research Labs for reporting this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id100900
    published2017-06-20
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100900
    titleRHEL 6 : kernel (RHSA-2017:1490) (Stack Clash)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3325-1.NASL
    descriptionIt was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges (CVE-2017-1000364) Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363) A double free bug was discovered in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890) Andrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id100923
    published2017-06-20
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100923
    titleUbuntu 17.04 : linux-meta-raspi2, linux-raspi2 vulnerabilities (USN-3325-1) (Stack Clash)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3332-1.NASL
    descriptionIt was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges (CVE-2017-1000364) Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363) A reference count bug was discovered in the Linux kernel ipx protocol stack. A local attacker could exploit this flaw to cause a denial of service or possibly other unspecified problems. (CVE-2017-7487) A double free bug was discovered in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890) Andrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id100930
    published2017-06-20
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100930
    titleUbuntu 16.04 LTS : linux-meta-raspi2, linux-raspi2 vulnerabilities (USN-3332-1) (Stack Clash)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2017-3592.NASL
    descriptionDescription of changes: [2.6.39-400.297.4.el6uek] - mm: larger stack guard gap, between vmas (Hugh Dickins) [Orabug: 26326145] {CVE-2017-1000364} This plugin has been deprecated because the recently released Oracle Linux 5 and 6, ELSA-2017-3592, does not fix any security problems relevant to already running systems. You do not need to take any action to update your systems.
    last seen2017-10-29
    modified2017-10-06
    plugin id101544
    published2017-07-14
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=101544
    titleOracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2017-3592) (Stack Clash) (deprecated)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2017-177-01.NASL
    descriptionNew kernel packages are available for Slackware 14.2 and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id101051
    published2017-06-27
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101051
    titleSlackware 14.2 / current : kernel (SSA:2017-177-01) (Stack Clash)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3327-1.NASL
    descriptionIt was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-7374) It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges (CVE-2017-1000364) Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363) Ingo Molnar discovered that the VideoCore DRM driver in the Linux kernel did not return an error after detecting certain overflows. A local attacker could exploit this issue to cause a denial of service (OOPS). (CVE-2017-5577) A double free bug was discovered in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890) Andrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id100925
    published2017-06-20
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100925
    titleUbuntu 16.10 : linux-meta-raspi2, linux-raspi2 vulnerabilities (USN-3327-1) (Stack Clash)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3335-1.NASL
    descriptionIt was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges (CVE-2017-1000364) It was discovered that a use-after-free vulnerability in the core voltage regulator driver of the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2014-9940) Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363) Li Qiang discovered that an integer overflow vulnerability existed in the Direct Rendering Manager (DRM) driver for VMware devices in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-7294) A double free bug was discovered in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890) Andrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id100933
    published2017-06-20
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100933
    titleUbuntu 14.04 LTS : linux, linux-meta vulnerabilities (USN-3335-1) (Stack Clash)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1498.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An integer overflow vulnerability was found in the ring_buffer_resize() calculations in which a privileged user can adjust the size of the ringbuffer message size. These calculations can create an issue where the kernel memory allocator will not allocate the correct count of pages yet expect them to be usable. This can lead to the ftrace() output to appear to corrupt kernel memory and possibly be used for privileged escalation or more likely kernel panic.(CVE-2016-9754) - A flaw was found in the Linux kernel
    last seen2020-06-12
    modified2019-05-13
    plugin id124821
    published2019-05-13
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124821
    titleEulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1498)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0099_KERNEL.NASL
    descriptionThe remote NewStart CGSL host, running version MAIN 4.05, has kernel packages installed that are affected by multiple vulnerabilities: - A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a kernel-side mitigation which increases the stack guard gap size from one page to 1 MiB to make successful exploitation of this issue more difficult. (CVE-2017-1000364) - A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is glibc-side mitigation which blocks processing of LD_LIBRARY_PATH for programs running in secure-execution mode and reduces the number of allocations performed by the processing of LD_AUDIT, LD_PRELOAD, and LD_HWCAP_MASK, making successful exploitation of this issue more difficult. (CVE-2017-1000366) - A race condition flaw was found in the N_HLDC Linux kernel driver when accessing n_hdlc.tbuf list that can lead to double free. A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to increase their privileges on the system. (CVE-2017-2636) - The NFS2/3 RPC client could send long arguments to the NFS server. These encoded arguments are stored in an array of memory pages, and accessed using pointer variables. Arbitrarily long arguments could make these pointers point outside the array and cause an out-of- bounds memory access. A remote user or program could use this flaw to crash the kernel, resulting in denial of service. (CVE-2017-7645) - The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer- arithmetic error or possibly cause other unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. (CVE-2017-7895) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id127325
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127325
    titleNewStart CGSL MAIN 4.05 : kernel Multiple Vulnerabilities (NS-SA-2019-0099)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-1939-1.NASL
    descriptionThis update for the Linux Kernel 3.12.61-52_72 fixes one issue. The following security bugs were fixed : - CVE-2017-1000364: An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be
    last seen2020-06-01
    modified2020-06-02
    plugin id101942
    published2017-07-25
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101942
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:1939-1) (Stack Clash)
  • NASL familyMisc.
    NASL idRANCHEROS_1_0_3.NASL
    descriptionThe remote host is running a version of RancherOS that is prior to v.1.0.3, hence is vulnerable to a local memory-corruption vulnerability. Attackers may be able to exploit this issue to execute arbitrary code with elevated privileges (CVE-2017-1000364) Glibc module in Rancheros contains a vulnerability that allows manipulation of the heap/stack. Attackers may be able to exploit this issue to execute arbitrary code with elevated privileges (CVE-2017-1000366)
    last seen2020-06-01
    modified2020-06-02
    plugin id132248
    published2019-12-19
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132248
    titleSecurity Updates for RancherOS Local Memory Corruption Vulnerability
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3331-1.NASL
    descriptionIt was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges (CVE-2017-1000364) Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363) A reference count bug was discovered in the Linux kernel ipx protocol stack. A local attacker could exploit this flaw to cause a denial of service or possibly other unspecified problems. (CVE-2017-7487) A double free bug was discovered in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890) Andrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id100929
    published2017-06-20
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100929
    titleUbuntu 16.04 LTS : linux-aws, linux-meta-aws vulnerabilities (USN-3331-1) (Stack Clash)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3328-1.NASL
    descriptionIt was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges (CVE-2017-1000364) Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363) A reference count bug was discovered in the Linux kernel ipx protocol stack. A local attacker could exploit this flaw to cause a denial of service or possibly other unspecified problems. (CVE-2017-7487) A double free bug was discovered in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890) Andrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id100926
    published2017-06-20
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100926
    titleUbuntu 16.04 LTS : linux, linux-meta vulnerabilities (USN-3328-1) (Stack Clash)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2017-716.NASL
    descriptionThe openSUSE Leap 42.2 kernel was updated to 4.4.72 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2017-1000364: An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be
    last seen2020-06-05
    modified2017-06-30
    plugin id101127
    published2017-06-30
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101127
    titleopenSUSE Security Update : the Linux Kernel (openSUSE-2017-716) (Stack Clash)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-1912-1.NASL
    descriptionThis update for the Linux Kernel 3.12.61-52_77 fixes several issues. The following bugs were fixed : - CVE-2017-1000364: The previous fix for the stack gap increase tracked by CVE-2017-1000364 had a regression, which is fixed by this follow up patch. (bsc#1039496) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id101889
    published2017-07-21
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101889
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:1912-1) (Stack Clash)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2017-3587.NASL
    descriptionDescription of changes: kernel-uek [4.1.12-94.3.7.el7uek] - mm: fix new crash in unmapped_area_topdown() (Hugh Dickins) [Orabug: 26326143] {CVE-2017-1000364} - mm: larger stack guard gap, between vmas (Hugh Dickins) [Orabug: 26326143] {CVE-2017-1000364}
    last seen2020-06-01
    modified2020-06-02
    plugin id101098
    published2017-06-29
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101098
    titleOracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3587) (Stack Clash)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3335-2.NASL
    descriptionUSN-3335-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id100987
    published2017-06-22
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/100987
    titleUbuntu 12.04 LTS : linux-lts-trusty vulnerability (USN-3335-2)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3333-1.NASL
    descriptionIt was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-7374) It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges (CVE-2017-1000364) Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363) Ingo Molnar discovered that the VideoCore DRM driver in the Linux kernel did not return an error after detecting certain overflows. A local attacker could exploit this issue to cause a denial of service (OOPS). (CVE-2017-5577) A double free bug was discovered in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890) Andrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id100931
    published2017-06-20
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100931
    titleUbuntu 16.04 LTS : linux-hwe, linux-meta-hwe vulnerabilities (USN-3333-1) (Stack Clash)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2017-0022.NASL
    descriptionAn update of [linux,glibc] packages for PhotonOS has been released.
    last seen2019-02-08
    modified2019-02-07
    plugin id111871
    published2018-08-17
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=111871
    titlePhoton OS 1.0: Glibc / Linux PHSA-2017-0022 (deprecated)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2017-845.NASL
    descriptionAn issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be jmp
    last seen2020-06-01
    modified2020-06-02
    plugin id100874
    published2017-06-20
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100874
    titleAmazon Linux AMI : kernel (ALAS-2017-845) (Stack Clash)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-1706-1.NASL
    descriptionThe SUSE Linux Enterprise 11 SP3 kernel was updated to fix the following issues : - A previous security update to address CVE-2017-1000364 caused unintended side-effects in several other tools, most notably Java. These issues have been remedied. [bsc#1045340, bsc#1045406] Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id101082
    published2017-06-28
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101082
    titleSUSE SLES11 Security Update : kernel (SUSE-SU-2017:1706-1) (Stack Clash)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-1615-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2017-1000364: The default stack guard page was too small and could be
    last seen2020-06-01
    modified2020-06-02
    plugin id100914
    published2017-06-20
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100914
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:1615-1) (Stack Clash)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-1941-1.NASL
    descriptionThis update for the Linux Kernel 3.12.69-60_64_32 fixes several issues. The following security bugs were fixed : - CVE-2017-1000364: An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be
    last seen2020-06-01
    modified2020-06-02
    plugin id101943
    published2017-07-25
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101943
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:1941-1) (Stack Clash)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3324-1.NASL
    descriptionIt was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges (CVE-2017-1000364) Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363) A double free bug was discovered in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890) Andrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id100922
    published2017-06-20
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100922
    titleUbuntu 17.04 : linux, linux-meta vulnerabilities (USN-3324-1) (Stack Clash)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2017-1615-1.NASL
    descriptionDescription of changes: - [3.10.0-514.26.1.0.1.el7.OL7] - [ipc] ipc/sem.c: bugfix for semctl(,,GETZCNT) (Manfred Spraul) [orabug 22552377] - Oracle Linux certificates (Alexey Petrenko) - Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(<A HREF=
    last seen2020-06-01
    modified2020-06-02
    plugin id101138
    published2017-06-30
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101138
    titleOracle Linux 7 : kernel (ELSA-2017-1615-1) (Stack Clash)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-1704-1.NASL
    descriptionThis Linux kernel update for SUSE Linux Enterprise 12 SP1 fixes the following issues : - A previous security update to address CVE-2017-1000364 caused unintended side-effects in several other tools, most notably Java. These issues have been remedied. [bsc#1045340] Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id101080
    published2017-06-28
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101080
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:1704-1) (Stack Clash)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-1613-1.NASL
    descriptionThe SUSE Linux Enterprise 11 SP3 kernel was updated to receive various security fixes. The following security bugs were fixed : - CVE-2017-1000364: The default stack guard page was too small and could be
    last seen2020-06-01
    modified2020-06-02
    plugin id100912
    published2017-06-20
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100912
    titleSUSE SLES11 Security Update : kernel (SUSE-SU-2017:1613-1) (Stack Clash)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-1922-1.NASL
    descriptionThis update for the Linux Kernel 3.12.60-52_63 fixes several issues. The following security bugs were fixed : - CVE-2017-1000364: An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be
    last seen2020-06-01
    modified2020-06-02
    plugin id101926
    published2017-07-24
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101926
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:1922-1) (Stack Clash)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2017-3659.NASL
    descriptionThe remote Oracle Linux host is missing a security update for the Unbreakable Enterprise kernel package(s).
    last seen2020-06-05
    modified2017-12-14
    plugin id105247
    published2017-12-14
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105247
    titleOracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3659) (BlueBorne) (Dirty COW) (Stack Clash)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-1483.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 5.9 Long Life. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a kernel-side mitigation which increases the stack guard gap size from one page to 1 MiB to make successful exploitation of this issue more difficult. (CVE-2017-1000364, Important) Red Hat would like to thank Qualys Research Labs for reporting this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id100893
    published2017-06-20
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100893
    titleRHEL 5 : kernel (RHSA-2017:1483) (Stack Clash)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2017-1484.NASL
    descriptionFrom Red Hat Security Advisory 2017:1484 : An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a kernel-side mitigation which increases the stack guard gap size from one page to 1 MiB to make successful exploitation of this issue more difficult. (CVE-2017-1000364, Important) Red Hat would like to thank Qualys Research Labs for reporting this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id100888
    published2017-06-20
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100888
    titleOracle Linux 7 : kernel (ELSA-2017-1484) (Stack Clash)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2017-0115.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - mm: fix new crash in unmapped_area_topdown (Hugh Dickins) [Orabug: 26326143] (CVE-2017-1000364) - mm: larger stack guard gap, between vmas (Hugh Dickins) [Orabug: 26326143] (CVE-2017-1000364)
    last seen2020-06-01
    modified2020-06-02
    plugin id101140
    published2017-06-30
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101140
    titleOracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0115) (Stack Clash)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-1944-1.NASL
    descriptionThis update for the Linux Kernel 3.12.69-60_64_35 fixes several issues. The following security bugs were fixed : - CVE-2017-1000364: An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be
    last seen2020-06-01
    modified2020-06-02
    plugin id101946
    published2017-07-25
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101946
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:1944-1) (Stack Clash)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-1909-1.NASL
    descriptionThis update for the Linux Kernel 3.12.67-60_64_18 fixes several issues. The following security bugs were fixed : - CVE-2017-1000364: An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be
    last seen2020-06-01
    modified2020-06-02
    plugin id101887
    published2017-07-21
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101887
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:1909-1) (Stack Clash)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3886.NASL
    descriptionSeveral vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. - CVE-2017-7487 Li Qiang reported a reference counter leak in the ipxitf_ioctl function which may result into a use-after-free vulnerability, triggerable when a IPX interface is configured. - CVE-2017-7645 Tuomas Haanpaa and Matti Kamunen from Synopsys Ltd discovered that the NFSv2 and NFSv3 server implementations are vulnerable to an out-of-bounds memory access issue while processing arbitrarily long arguments sent by NFSv2/NFSv3 PRC clients, leading to a denial of service. - CVE-2017-7895 Ari Kauppi from Synopsys Ltd discovered that the NFSv2 and NFSv3 server implementations do not properly handle payload bounds checking of WRITE requests. A remote attacker with write access to a NFS mount can take advantage of this flaw to read chunks of arbitrary memory from both kernel-space and user-space. - CVE-2017-8064 Arnd Bergmann found that the DVB-USB core misused the device logging system, resulting in a use-after-free vulnerability, with unknown security impact. - CVE-2017-8890 It was discovered that the net_csk_clone_lock() function allows a remote attacker to cause a double free leading to a denial of service or potentially have other impact. - CVE-2017-8924 Johan Hovold found that the io_ti USB serial driver could leak sensitive information if a malicious USB device was connected. - CVE-2017-8925 Johan Hovold found a reference counter leak in the omninet USB serial driver, resulting in a use-after-free vulnerability. This can be triggered by a local user permitted to open tty devices. - CVE-2017-9074 Andrey Konovalov reported that the IPv6 fragmentation implementation could read beyond the end of a packet buffer. A local user or guest VM might be able to use this to leak sensitive information or to cause a denial of service (crash). - CVE-2017-9075 Andrey Konovalov reported that the SCTP/IPv6 implementation wrongly initialised address lists on connected sockets, resulting in a use-after-free vulnerability, a similar issue to CVE-2017-8890. This can be triggered by any local user. - CVE-2017-9076 / CVE-2017-9077 Cong Wang found that the TCP/IPv6 and DCCP/IPv6 implementations wrongly initialised address lists on connected sockets, a similar issue to CVE-2017-9075. - CVE-2017-9242 Andrey Konovalov reported a packet buffer overrun in the IPv6 implementation. A local user could use this for denial of service (memory corruption; crash) and possibly for privilege escalation. - CVE-2017-1000364 The Qualys Research Labs discovered that the size of the stack guard page is not sufficiently large. The stack-pointer can jump over the guard-page and moving from the stack into another memory region without accessing the guard-page. In this case no page-fault exception is raised and the stack extends into the other memory region. An attacker can exploit this flaw for privilege escalation. The default stack gap protection is set to 256 pages and can be configured via the stack_guard_gap kernel parameter on the kernel command line. Further details can be found at https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
    last seen2020-06-01
    modified2020-06-02
    plugin id100877
    published2017-06-20
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100877
    titleDebian DSA-3886-1 : linux - security update (Stack Clash)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1200.NASL
    descriptionSeveral vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2016-10208 Sergej Schumilo and Ralf Spenneberg discovered that a crafted ext4 filesystem could trigger memory corruption when it is mounted. A user that can provide a device or filesystem image to be mounted could use this for denial of service (crash or data corruption) or possibly for privilege escalation. CVE-2017-8824 Mohamed Ghannam discovered that the DCCP implementation did not correctly manage resources when a socket is disconnected and reconnected, potentially leading to a use-after-free. A local user could use this for denial of service (crash or data corruption) or possibly for privilege escalation. On systems that do not already have the dccp module loaded, this can be mitigated by disabling it: echo >> /etc/modprobe.d/disable-dccp.conf install dccp false CVE-2017-8831 Pengfei Wang discovered that the saa7164 video capture driver re-reads data from a PCI device after validating it. A physically present user able to attach a specially designed PCI device could use this for privilege escalation. CVE-2017-12190 Vitaly Mayatskikh discovered that the block layer did not correctly count page references for raw I/O from user-space. This can be exploited by a guest VM with access to a host SCSI device for denial of service (memory exhaustion) or potentially for privilege escalation. CVE-2017-13080 A vulnerability was found in the WPA2 protocol that could lead to reinstallation of the same Group Temporal Key (GTK), which substantially reduces the security of wifi encryption. This is one of the issues collectively known as
    last seen2020-03-17
    modified2017-12-11
    plugin id105116
    published2017-12-11
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105116
    titleDebian DLA-1200-1 : linux security update (KRACK)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-1488.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support and Red Hat Enterprise Linux 6.6 Telco Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a kernel-side mitigation which increases the stack guard gap size from one page to 1 MiB to make successful exploitation of this issue more difficult. (CVE-2017-1000364, Important) * A race condition flaw was found in the N_HLDC Linux kernel driver when accessing n_hdlc.tbuf list that can lead to double free. A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to increase their privileges on the system. (CVE-2017-2636, Important) Red Hat would like to thank Qualys Research Labs for reporting CVE-2017-1000364 and Alexander Popov for reporting CVE-2017-2636. Bug Fix(es) : * Previously, the kdump mechanism was trying to get the lock by the vmalloc_sync_all() function during a kernel panic. Consequently, a deadlock occurred, and the crashkernel did not boot. This update fixes the vmalloc_sync_all() function to avoid synchronizing the vmalloc area on the crashing CPU. As a result, the crashkernel parameter now boots as expected, and the kernel dump is collected successfully under the described circumstances. (BZ#1443497) * Previously, a kernel panic occurred when the mcelog daemon executed a huge page memory offline. This update fixes the HugeTLB feature of the Linux kernel to check for the Page Table Entry (PTE) NULL pointer in the page_check_address() function. As a result, the kernel panic no longer occurs under the described circumstances. (BZ#1444349) * Previously, the vmw_pvscsi driver reported most successful aborts as FAILED due to a bug in vmw_pvscsi abort handler. This update fixes the handler, and successful aborts are no longer reported as FAILED. (BZ#1442966)
    last seen2020-06-01
    modified2020-06-02
    plugin id100898
    published2017-06-20
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100898
    titleRHEL 6 : kernel (RHSA-2017:1488) (Stack Clash)
  • NASL familyJunos Local Security Checks
    NASL idJUNIPER_SPACE_JSA_10826.NASL
    descriptionAccording to its self-reported version number, the version of Junos Space running on the remote device is < 17.1R1, and is therefore affected by multiple vulnerabilities.
    last seen2020-06-01
    modified2020-06-02
    plugin id104100
    published2017-10-23
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104100
    titleJuniper Junos Space < 17.1R1 Multiple Vulnerabilities (JSA10826)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2017-0022_LINUX.NASL
    descriptionAn update of the linux package has been released.
    last seen2020-03-17
    modified2019-02-07
    plugin id121706
    published2019-02-07
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121706
    titlePhoton OS 1.0: Linux PHSA-2017-0022
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1508.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - drivers/soc/qcom/qdsp6v2/voice_svc.c in the QDSP6v2 Voice Service driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write request, as demonstrated by a voice_svc_send_req buffer overflow.(CVE-2016-5343i1/4%0 - A use-after-free flaw was found in the way the Linux kernel
    last seen2020-03-19
    modified2019-05-21
    plugin id125301
    published2019-05-21
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125301
    titleEulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1508)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20170619_KERNEL_ON_SL6_X.NASL
    descriptionSecurity Fix(es) : - A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a kernel-side mitigation which increases the stack guard gap size from one page to 1 MiB to make successful exploitation of this issue more difficult. (CVE-2017-1000364, Important)
    last seen2020-03-18
    modified2017-06-20
    plugin id100905
    published2017-06-20
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100905
    titleScientific Linux Security Update : kernel on SL6.x i386/x86_64 (20170619) (Stack Clash)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2017-3609.NASL
    descriptionThe remote Oracle Linux host is missing a security update for the Unbreakable Enterprise kernel package(s).
    last seen2020-06-01
    modified2020-06-02
    plugin id102773
    published2017-08-25
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/102773
    titleOracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3609) (Stack Clash)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2017-180-01.NASL
    descriptionNew kernel packages are available for Slackware 14.1 to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id101115
    published2017-06-30
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101115
    titleSlackware 14.1 : Slackware 14.1 kernel (SSA:2017-180-01) (Stack Clash)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-D7BC1B3056.NASL
    descriptionThe 4.11.6 update contains a number of important fixes across the tree, including the recently announced
    last seen2020-06-05
    modified2017-06-26
    plugin id101037
    published2017-06-26
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101037
    titleFedora 25 : kernel (2017-d7bc1b3056) (Stack Clash)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3338-2.NASL
    descriptionUSN-3338-1 fixed vulnerabilities in the Linux kernel. However, the fix for CVE-2017-1000364 introduced regressions for some Java applications. This update addresses the issue. We apologize for the inconvenience. It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges (CVE-2017-1000364) Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges. (CVE-2016-4997). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id101149
    published2017-06-30
    reporterThis script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/101149
    titleUbuntu 12.04 LTS : linux regression (USN-3338-2) (Stack Clash)
  • NASL familyVirtuozzo Local Security Checks
    NASL idVIRTUOZZO_VZA-2017-055.NASL
    descriptionAccording to the version of the parallels-server-bm-release / vzkernel / etc packages installed, the Virtuozzo installation on the remote host is affected by the following vulnerability : - A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a kernel-side mitigation which increases the stack guard gap size from one page to 1 MiB to make successful exploitation of this issue more difficult. Note that Tenable Network Security has extracted the preceding description block directly from the Virtuozzo security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id101052
    published2017-06-27
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101052
    titleVirtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2017-055)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-1486.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a kernel-side mitigation which increases the stack guard gap size from one page to 1 MiB to make successful exploitation of this issue more difficult. (CVE-2017-1000364, Important) Red Hat would like to thank Qualys Research Labs for reporting this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id100896
    published2017-06-20
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100896
    titleRHEL 6 : kernel (RHSA-2017:1486) (Stack Clash)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2017-184-01.NASL
    descriptionNew kernel packages are available for Slackware 14.0 to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id101206
    published2017-07-05
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101206
    titleSlackware 14.0 : Slackware 14.0 kernel (SSA:2017-184-01) (Stack Clash)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-1924-1.NASL
    descriptionThis update for the Linux Kernel 3.12.61-52_66 fixes several issues. The following security bugs were fixed : - CVE-2017-1000364: An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be
    last seen2020-06-01
    modified2020-06-02
    plugin id101927
    published2017-07-24
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101927
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:1924-1) (Stack Clash)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-1735-1.NASL
    descriptionThis Linux kernel update for SUSE Linux Enterprise 12 fixes the following issues : - A previous security update to address CVE-2017-1000364 caused unintended side-effects in several other tools, most notably Java. These issues have been remedied. [bsc#1045340] Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id101144
    published2017-06-30
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101144
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:1735-1) (Stack Clash)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-1482.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 5 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a kernel-side mitigation which increases the stack guard gap size from one page to 1 MiB to make successful exploitation of this issue more difficult. (CVE-2017-1000364, Important) Red Hat would like to thank Qualys Research Labs for reporting this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id100979
    published2017-06-22
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100979
    titleRHEL 5 : kernel (RHSA-2017:1482) (Stack Clash)

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/149804/rsh_stack_clash_priv_esc.rb.txt
idPACKETSTORM:149804
last seen2018-10-16
published2018-10-15
reporterBrendan Coles
sourcehttps://packetstormsecurity.com/files/149804/Solaris-RSH-Stack-Clash-Privilege-Escalation.html
titleSolaris RSH Stack Clash Privilege Escalation

Redhat

advisories
  • rhsa
    idRHSA-2017:1482
  • rhsa
    idRHSA-2017:1483
  • rhsa
    idRHSA-2017:1484
  • rhsa
    idRHSA-2017:1485
  • rhsa
    idRHSA-2017:1486
  • rhsa
    idRHSA-2017:1487
  • rhsa
    idRHSA-2017:1488
  • rhsa
    idRHSA-2017:1489
  • rhsa
    idRHSA-2017:1490
  • rhsa
    idRHSA-2017:1491
  • rhsa
    idRHSA-2017:1567
  • rhsa
    idRHSA-2017:1616
  • rhsa
    idRHSA-2017:1647
  • rhsa
    idRHSA-2017:1712
rpms
  • kernel-0:2.6.18-420.el5
  • kernel-PAE-0:2.6.18-420.el5
  • kernel-PAE-debuginfo-0:2.6.18-420.el5
  • kernel-PAE-devel-0:2.6.18-420.el5
  • kernel-debug-0:2.6.18-420.el5
  • kernel-debug-debuginfo-0:2.6.18-420.el5
  • kernel-debug-devel-0:2.6.18-420.el5
  • kernel-debuginfo-0:2.6.18-420.el5
  • kernel-debuginfo-common-0:2.6.18-420.el5
  • kernel-devel-0:2.6.18-420.el5
  • kernel-doc-0:2.6.18-420.el5
  • kernel-headers-0:2.6.18-420.el5
  • kernel-kdump-0:2.6.18-420.el5
  • kernel-kdump-debuginfo-0:2.6.18-420.el5
  • kernel-kdump-devel-0:2.6.18-420.el5
  • kernel-xen-0:2.6.18-420.el5
  • kernel-xen-debuginfo-0:2.6.18-420.el5
  • kernel-xen-devel-0:2.6.18-420.el5
  • kernel-0:2.6.18-348.33.2.el5
  • kernel-PAE-0:2.6.18-348.33.2.el5
  • kernel-PAE-debuginfo-0:2.6.18-348.33.2.el5
  • kernel-PAE-devel-0:2.6.18-348.33.2.el5
  • kernel-debug-0:2.6.18-348.33.2.el5
  • kernel-debug-debuginfo-0:2.6.18-348.33.2.el5
  • kernel-debug-devel-0:2.6.18-348.33.2.el5
  • kernel-debuginfo-0:2.6.18-348.33.2.el5
  • kernel-debuginfo-common-0:2.6.18-348.33.2.el5
  • kernel-devel-0:2.6.18-348.33.2.el5
  • kernel-doc-0:2.6.18-348.33.2.el5
  • kernel-headers-0:2.6.18-348.33.2.el5
  • kernel-xen-0:2.6.18-348.33.2.el5
  • kernel-xen-debuginfo-0:2.6.18-348.33.2.el5
  • kernel-xen-devel-0:2.6.18-348.33.2.el5
  • kernel-0:3.10.0-514.21.2.el7
  • kernel-abi-whitelists-0:3.10.0-514.21.2.el7
  • kernel-bootwrapper-0:3.10.0-514.21.2.el7
  • kernel-debug-0:3.10.0-514.21.2.el7
  • kernel-debug-debuginfo-0:3.10.0-514.21.2.el7
  • kernel-debug-devel-0:3.10.0-514.21.2.el7
  • kernel-debuginfo-0:3.10.0-514.21.2.el7
  • kernel-debuginfo-common-ppc64-0:3.10.0-514.21.2.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-514.21.2.el7
  • kernel-debuginfo-common-s390x-0:3.10.0-514.21.2.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-514.21.2.el7
  • kernel-devel-0:3.10.0-514.21.2.el7
  • kernel-doc-0:3.10.0-514.21.2.el7
  • kernel-headers-0:3.10.0-514.21.2.el7
  • kernel-kdump-0:3.10.0-514.21.2.el7
  • kernel-kdump-debuginfo-0:3.10.0-514.21.2.el7
  • kernel-kdump-devel-0:3.10.0-514.21.2.el7
  • kernel-tools-0:3.10.0-514.21.2.el7
  • kernel-tools-debuginfo-0:3.10.0-514.21.2.el7
  • kernel-tools-libs-0:3.10.0-514.21.2.el7
  • kernel-tools-libs-devel-0:3.10.0-514.21.2.el7
  • perf-0:3.10.0-514.21.2.el7
  • perf-debuginfo-0:3.10.0-514.21.2.el7
  • python-perf-0:3.10.0-514.21.2.el7
  • python-perf-debuginfo-0:3.10.0-514.21.2.el7
  • kernel-0:3.10.0-327.55.2.el7
  • kernel-abi-whitelists-0:3.10.0-327.55.2.el7
  • kernel-bootwrapper-0:3.10.0-327.55.2.el7
  • kernel-debug-0:3.10.0-327.55.2.el7
  • kernel-debug-debuginfo-0:3.10.0-327.55.2.el7
  • kernel-debug-devel-0:3.10.0-327.55.2.el7
  • kernel-debuginfo-0:3.10.0-327.55.2.el7
  • kernel-debuginfo-common-ppc64-0:3.10.0-327.55.2.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-327.55.2.el7
  • kernel-debuginfo-common-s390x-0:3.10.0-327.55.2.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-327.55.2.el7
  • kernel-devel-0:3.10.0-327.55.2.el7
  • kernel-doc-0:3.10.0-327.55.2.el7
  • kernel-headers-0:3.10.0-327.55.2.el7
  • kernel-kdump-0:3.10.0-327.55.2.el7
  • kernel-kdump-debuginfo-0:3.10.0-327.55.2.el7
  • kernel-kdump-devel-0:3.10.0-327.55.2.el7
  • kernel-tools-0:3.10.0-327.55.2.el7
  • kernel-tools-debuginfo-0:3.10.0-327.55.2.el7
  • kernel-tools-libs-0:3.10.0-327.55.2.el7
  • kernel-tools-libs-devel-0:3.10.0-327.55.2.el7
  • perf-0:3.10.0-327.55.2.el7
  • perf-debuginfo-0:3.10.0-327.55.2.el7
  • python-perf-0:3.10.0-327.55.2.el7
  • python-perf-debuginfo-0:3.10.0-327.55.2.el7
  • kernel-0:2.6.32-696.3.2.el6
  • kernel-abi-whitelists-0:2.6.32-696.3.2.el6
  • kernel-bootwrapper-0:2.6.32-696.3.2.el6
  • kernel-debug-0:2.6.32-696.3.2.el6
  • kernel-debug-debuginfo-0:2.6.32-696.3.2.el6
  • kernel-debug-devel-0:2.6.32-696.3.2.el6
  • kernel-debuginfo-0:2.6.32-696.3.2.el6
  • kernel-debuginfo-common-i686-0:2.6.32-696.3.2.el6
  • kernel-debuginfo-common-ppc64-0:2.6.32-696.3.2.el6
  • kernel-debuginfo-common-s390x-0:2.6.32-696.3.2.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-696.3.2.el6
  • kernel-devel-0:2.6.32-696.3.2.el6
  • kernel-doc-0:2.6.32-696.3.2.el6
  • kernel-firmware-0:2.6.32-696.3.2.el6
  • kernel-headers-0:2.6.32-696.3.2.el6
  • kernel-kdump-0:2.6.32-696.3.2.el6
  • kernel-kdump-debuginfo-0:2.6.32-696.3.2.el6
  • kernel-kdump-devel-0:2.6.32-696.3.2.el6
  • perf-0:2.6.32-696.3.2.el6
  • perf-debuginfo-0:2.6.32-696.3.2.el6
  • python-perf-0:2.6.32-696.3.2.el6
  • python-perf-debuginfo-0:2.6.32-696.3.2.el6
  • kernel-0:2.6.32-573.42.2.el6
  • kernel-abi-whitelists-0:2.6.32-573.42.2.el6
  • kernel-bootwrapper-0:2.6.32-573.42.2.el6
  • kernel-debug-0:2.6.32-573.42.2.el6
  • kernel-debug-debuginfo-0:2.6.32-573.42.2.el6
  • kernel-debug-devel-0:2.6.32-573.42.2.el6
  • kernel-debuginfo-0:2.6.32-573.42.2.el6
  • kernel-debuginfo-common-i686-0:2.6.32-573.42.2.el6
  • kernel-debuginfo-common-ppc64-0:2.6.32-573.42.2.el6
  • kernel-debuginfo-common-s390x-0:2.6.32-573.42.2.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-573.42.2.el6
  • kernel-devel-0:2.6.32-573.42.2.el6
  • kernel-doc-0:2.6.32-573.42.2.el6
  • kernel-firmware-0:2.6.32-573.42.2.el6
  • kernel-headers-0:2.6.32-573.42.2.el6
  • kernel-kdump-0:2.6.32-573.42.2.el6
  • kernel-kdump-debuginfo-0:2.6.32-573.42.2.el6
  • kernel-kdump-devel-0:2.6.32-573.42.2.el6
  • perf-0:2.6.32-573.42.2.el6
  • perf-debuginfo-0:2.6.32-573.42.2.el6
  • python-perf-0:2.6.32-573.42.2.el6
  • python-perf-debuginfo-0:2.6.32-573.42.2.el6
  • kernel-0:2.6.32-504.60.2.el6
  • kernel-abi-whitelists-0:2.6.32-504.60.2.el6
  • kernel-debug-0:2.6.32-504.60.2.el6
  • kernel-debug-debuginfo-0:2.6.32-504.60.2.el6
  • kernel-debug-devel-0:2.6.32-504.60.2.el6
  • kernel-debuginfo-0:2.6.32-504.60.2.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-504.60.2.el6
  • kernel-devel-0:2.6.32-504.60.2.el6
  • kernel-doc-0:2.6.32-504.60.2.el6
  • kernel-firmware-0:2.6.32-504.60.2.el6
  • kernel-headers-0:2.6.32-504.60.2.el6
  • perf-0:2.6.32-504.60.2.el6
  • perf-debuginfo-0:2.6.32-504.60.2.el6
  • python-perf-0:2.6.32-504.60.2.el6
  • python-perf-debuginfo-0:2.6.32-504.60.2.el6
  • kernel-0:2.6.32-431.80.2.el6
  • kernel-abi-whitelists-0:2.6.32-431.80.2.el6
  • kernel-debug-0:2.6.32-431.80.2.el6
  • kernel-debug-debuginfo-0:2.6.32-431.80.2.el6
  • kernel-debug-devel-0:2.6.32-431.80.2.el6
  • kernel-debuginfo-0:2.6.32-431.80.2.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-431.80.2.el6
  • kernel-devel-0:2.6.32-431.80.2.el6
  • kernel-doc-0:2.6.32-431.80.2.el6
  • kernel-firmware-0:2.6.32-431.80.2.el6
  • kernel-headers-0:2.6.32-431.80.2.el6
  • perf-0:2.6.32-431.80.2.el6
  • perf-debuginfo-0:2.6.32-431.80.2.el6
  • python-perf-0:2.6.32-431.80.2.el6
  • python-perf-debuginfo-0:2.6.32-431.80.2.el6
  • kernel-0:2.6.32-358.79.2.el6
  • kernel-debug-0:2.6.32-358.79.2.el6
  • kernel-debug-debuginfo-0:2.6.32-358.79.2.el6
  • kernel-debug-devel-0:2.6.32-358.79.2.el6
  • kernel-debuginfo-0:2.6.32-358.79.2.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-358.79.2.el6
  • kernel-devel-0:2.6.32-358.79.2.el6
  • kernel-doc-0:2.6.32-358.79.2.el6
  • kernel-firmware-0:2.6.32-358.79.2.el6
  • kernel-headers-0:2.6.32-358.79.2.el6
  • perf-0:2.6.32-358.79.2.el6
  • perf-debuginfo-0:2.6.32-358.79.2.el6
  • python-perf-0:2.6.32-358.79.2.el6
  • python-perf-debuginfo-0:2.6.32-358.79.2.el6
  • kernel-0:2.6.32-220.72.2.el6
  • kernel-debug-0:2.6.32-220.72.2.el6
  • kernel-debug-debuginfo-0:2.6.32-220.72.2.el6
  • kernel-debug-devel-0:2.6.32-220.72.2.el6
  • kernel-debuginfo-0:2.6.32-220.72.2.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-220.72.2.el6
  • kernel-devel-0:2.6.32-220.72.2.el6
  • kernel-doc-0:2.6.32-220.72.2.el6
  • kernel-firmware-0:2.6.32-220.72.2.el6
  • kernel-headers-0:2.6.32-220.72.2.el6
  • perf-0:2.6.32-220.72.2.el6
  • perf-debuginfo-0:2.6.32-220.72.2.el6
  • python-perf-0:2.6.32-220.72.2.el6
  • python-perf-debuginfo-0:2.6.32-220.72.2.el6
  • kernel-rt-0:3.10.0-514.26.1.rt56.442.el7
  • kernel-rt-debug-0:3.10.0-514.26.1.rt56.442.el7
  • kernel-rt-debug-debuginfo-0:3.10.0-514.26.1.rt56.442.el7
  • kernel-rt-debug-devel-0:3.10.0-514.26.1.rt56.442.el7
  • kernel-rt-debug-kvm-0:3.10.0-514.26.1.rt56.442.el7
  • kernel-rt-debug-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7
  • kernel-rt-debuginfo-0:3.10.0-514.26.1.rt56.442.el7
  • kernel-rt-debuginfo-common-x86_64-0:3.10.0-514.26.1.rt56.442.el7
  • kernel-rt-devel-0:3.10.0-514.26.1.rt56.442.el7
  • kernel-rt-doc-0:3.10.0-514.26.1.rt56.442.el7
  • kernel-rt-kvm-0:3.10.0-514.26.1.rt56.442.el7
  • kernel-rt-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7
  • kernel-rt-trace-0:3.10.0-514.26.1.rt56.442.el7
  • kernel-rt-trace-debuginfo-0:3.10.0-514.26.1.rt56.442.el7
  • kernel-rt-trace-devel-0:3.10.0-514.26.1.rt56.442.el7
  • kernel-rt-trace-kvm-0:3.10.0-514.26.1.rt56.442.el7
  • kernel-rt-trace-kvm-debuginfo-0:3.10.0-514.26.1.rt56.442.el7
  • kernel-rt-1:3.10.0-514.rt56.228.el6rt
  • kernel-rt-debug-1:3.10.0-514.rt56.228.el6rt
  • kernel-rt-debug-debuginfo-1:3.10.0-514.rt56.228.el6rt
  • kernel-rt-debug-devel-1:3.10.0-514.rt56.228.el6rt
  • kernel-rt-debuginfo-1:3.10.0-514.rt56.228.el6rt
  • kernel-rt-debuginfo-common-x86_64-1:3.10.0-514.rt56.228.el6rt
  • kernel-rt-devel-1:3.10.0-514.rt56.228.el6rt
  • kernel-rt-doc-1:3.10.0-514.rt56.228.el6rt
  • kernel-rt-firmware-1:3.10.0-514.rt56.228.el6rt
  • kernel-rt-trace-1:3.10.0-514.rt56.228.el6rt
  • kernel-rt-trace-debuginfo-1:3.10.0-514.rt56.228.el6rt
  • kernel-rt-trace-devel-1:3.10.0-514.rt56.228.el6rt
  • kernel-rt-vanilla-1:3.10.0-514.rt56.228.el6rt
  • kernel-rt-vanilla-debuginfo-1:3.10.0-514.rt56.228.el6rt
  • kernel-rt-vanilla-devel-1:3.10.0-514.rt56.228.el6rt

The Hacker News

idTHN:72D5C1EE790D99032F95F4A094E36BD6
last seen2018-01-27
modified2017-06-29
published2017-06-19
reporterSwati Khandelwal
sourcehttps://thehackernews.com/2017/06/linux-root-privilege-escalation.html
titleA Decade Old Unix/Linux/BSD Root Privilege-Escalation Bug Discovered