CVE-2017-1000365

The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but does not take the argument and environment pointers into account, which allows attackers to bypass this limitation. This affects Linux Kernel versions 4.11.5 and earlier. It appears that this feature was introduced in the Linux Kernel version 2.6.23.

CVSS v3 7.8 HIGH
CVSS v2.0 7.2 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.debian.org/security/2017/dsa-3927	Third Party Advisory
http://www.debian.org/security/2017/dsa-3945	Third Party Advisory
http://www.securityfocus.com/bid/99156	Third Party Advisory VDB Entry
https://access.redhat.com/security/cve/CVE-2017-1000365	Third Party Advisory VDB Entry
https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt	Third Party Advisory
http://www.debian.org/security/2017/dsa-3927	Third Party Advisory
http://www.debian.org/security/2017/dsa-3945	Third Party Advisory
http://www.securityfocus.com/bid/99156	Third Party Advisory VDB Entry
https://access.redhat.com/security/cve/CVE-2017-1000365	Third Party Advisory VDB Entry
https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

21 Nov 2024, 03:04

Type	Values Removed	Values Added
References	~~() http://www.debian.org/security/2017/dsa-3927 - Third Party Advisory~~	() http://www.debian.org/security/2017/dsa-3927 - Third Party Advisory
References	~~() http://www.debian.org/security/2017/dsa-3945 - Third Party Advisory~~	() http://www.debian.org/security/2017/dsa-3945 - Third Party Advisory
References	~~() http://www.securityfocus.com/bid/99156 - Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/bid/99156 - Third Party Advisory, VDB Entry
References	~~() https://access.redhat.com/security/cve/CVE-2017-1000365 - Third Party Advisory, VDB Entry~~	() https://access.redhat.com/security/cve/CVE-2017-1000365 - Third Party Advisory, VDB Entry
References	~~() https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt - Third Party Advisory~~	() https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt - Third Party Advisory

Information

Published : 2017-06-19 16:29

Updated : 2025-04-20 01:37

NVD link : CVE-2017-1000365

Mitre link : CVE-2017-1000365

CVE.ORG link : CVE-2017-1000365

JSON object : View

Products Affected

linux

linux_kernel

CWE

NVD-CWE-noinfo

{"id": "CVE-2017-1000365", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2017-06-19T16:29:00.280", "references": [{"url": "http://www.debian.org/security/2017/dsa-3927", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2017/dsa-3945", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/99156", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://access.redhat.com/security/cve/CVE-2017-1000365", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2017/dsa-3927", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.debian.org/security/2017/dsa-3945", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/99156", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://access.redhat.com/security/cve/CVE-2017-1000365", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but does not take the argument and environment pointers into account, which allows attackers to bypass this limitation. This affects Linux Kernel versions 4.11.5 and earlier. It appears that this feature was introduced in the Linux Kernel version 2.6.23."}, {"lang": "es", "value": "El Kernel de Linux impone una restricci\u00f3n de tama\u00f1o en los argumentos y cadenas de entorno pasados por medio de RLIMIT_STACK/RLIM_INFINITY (1/4 del tama\u00f1o), pero no tiene en cuenta el argumento y los punteros de entorno, lo que permite a los atacantes omitir esta limitaci\u00f3n. Esto afecta a las versiones 4.11.5 y anteriores del Kernel de Linux. Parece que esta funcionalidad se introdujo en la versi\u00f3n 2.6.23 del Kernel de Linux."}], "lastModified": "2025-04-20T01:37:25.860", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "413D61A4-C678-4E38-BFE2-40472701FD70", "versionEndExcluding": "3.2.91", "versionStartIncluding": "2.6.23"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7AEC5142-D74C-40FD-9F20-286B9566A40E", "versionEndExcluding": "3.10.108", "versionStartIncluding": "3.3"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B74022CD-4A80-418C-82C6-E903D5F3A944", "versionEndExcluding": "3.16.46", "versionStartIncluding": "3.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DFCD44DB-A537-4F77-B2DC-E0F3EF3FC431", "versionEndExcluding": "3.18.59", "versionStartIncluding": "3.17"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5F6B255F-0933-4983-B3F6-AD5B128A8F04", "versionEndExcluding": "4.1.43", "versionStartIncluding": "3.19"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "210DE424-BB18-453F-8EC0-528DB62330A3", "versionEndExcluding": "4.4.75", "versionStartIncluding": "4.2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "756E8245-FDA8-4533-839F-003E1102C971", "versionEndExcluding": "4.9.35", "versionStartIncluding": "4.5"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EC396324-C7F1-4F5F-8C7B-1F084DF92D5B", "versionEndExcluding": "4.11.8", "versionStartIncluding": "4.10"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}