CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2017-1000363
https://notcve.org/view.php?id=CVE-2017-1000363
Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing bounds check, and the fact that parport_ptr integer is static, a 'secure boot' kernel command line adversary (can happen due to bootloader vulns, e.g. Google Nexus 6's CVE-2016-10277, where due to a vulnerability the adversary has partial control over the command line) can overflow the parport_nr array in the following code, by appending many (>LP_NO) 'lp=none' arguments to the command line. Una escritura fuera de límites en el archivo drivers/char/lp.c de Linux, Debido a la falta de comprobación de límites, y al hecho de que el entero parport_ptr es estático, un adversario de línea de comando del kernel "secure boot" (puede ocurrir debido a vulnerabilidades del cargador de arranque, por ejemplo, CVE-2016-10277 de Google Nexus 6, donde debido a una vulnerabilidad el adversario tiene control parcial sobre la línea de comando) puede desbordar la matriz parport_nr en el siguiente código, mediante la incorporación muchos argumentos (mayor que LP_NO) 'lp=none' hacia la línea de comando. • http://www.debian.org/security/2017/dsa-3945 http://www.securityfocus.com/bid/98651 https://alephsecurity.com/vulns/aleph-2017023 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2017-1000365
https://notcve.org/view.php?id=CVE-2017-1000365
The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but does not take the argument and environment pointers into account, which allows attackers to bypass this limitation. This affects Linux Kernel versions 4.11.5 and earlier. It appears that this feature was introduced in the Linux Kernel version 2.6.23. El Kernel de Linux impone una restricción de tamaño en los argumentos y cadenas de entorno pasados por medio de RLIMIT_STACK/RLIM_INFINITY (1/4 del tamaño), pero no tiene en cuenta el argumento y los punteros de entorno, lo que permite a los atacantes omitir esta limitación. Esto afecta a las versiones 4.11.5 y anteriores del Kernel de Linux. • http://www.debian.org/security/2017/dsa-3927 http://www.debian.org/security/2017/dsa-3945 http://www.securityfocus.com/bid/99156 https://access.redhat.com/security/cve/CVE-2017-1000365 https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 2CVE-2017-1000364 – Solaris RSH Stack Clash Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-1000364
An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this affects Linux Kernel versions 4.11.5 and earlier (the stackguard page was introduced in 2010). Se ha descubierto un problema en el tamaño de la página de stack guard en Linux; específicamente, una página 4k stack guard no es lo suficientemente grande y puede "saltarse" (se omite la página de stack guard). Esto afecta al kernel de Linux en versiones 4.11.5 y anteriores (la página stackguard fue introducida en 2010). A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. • https://www.exploit-db.com/exploits/45625 http://www.debian.org/security/2017/dsa-3886 http://www.securityfocus.com/bid/99130 http://www.securitytracker.com/id/1038724 https://access.redhat.com/errata/RHSA-2017:1482 https://access.redhat.com/errata/RHSA-2017:1483 https://access.redhat.com/errata/RHSA-2017:1484 https://access.redhat.com/errata/RHSA-2017:1485 https://access.redhat.com/errata/RHSA-2017:1486 https://access.redhat.com/errata/RHSA-2017:1487 https://a • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 1CVE-2017-1000379 – Linux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14.04.2/16.04.2/17.04 / Fedora 22/25 / CentOS 7.3.1611) - 'ldso_hwcap_64 Stack Clash' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-1000379
The Linux Kernel running on AMD64 systems will sometimes map the contents of PIE executable, the heap or ld.so to where the stack is mapped allowing attackers to more easily manipulate the stack. Linux Kernel version 4.11.5 is affected. El Kernel de Linux ejecutándose en sistemas AMD64 a veces asignará el contenido de un ejecutable PIE, la región heap o el archivo ld.so donde la pila es asignada, permitiendo a los atacantes manipular más fácilmente la pila. Kernel de Linux versión 4.11.5, esta afectado. • https://www.exploit-db.com/exploits/42275 http://www.securityfocus.com/bid/99284 https://access.redhat.com/errata/RHSA-2017:1482 https://access.redhat.com/errata/RHSA-2017:1484 https://access.redhat.com/errata/RHSA-2017:1485 https://access.redhat.com/errata/RHSA-2017:1486 https://access.redhat.com/errata/RHSA-2017:1487 https://access.redhat.com/errata/RHSA-2017:1488 https://access.redhat.com/errata/RHSA-2017:1489 https://access.redhat.com/errata/RHSA-2017:1490 https&# •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1000380 – kernel: information leak due to a data race in ALSA timer
https://notcve.org/view.php?id=CVE-2017-1000380
sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed when a read and an ioctl happen at the same time. El archivo sound/core/timer.c en el kernel de Linux anterior a versión 4.11.5, es vulnerable a una carrera de datos en el controlador de /dev/snd/timer de ALSA, resultando en que los usuarios locales sean capaces de leer la información que pertenece a otros usuarios, es decir, los contenidos de la memoria sin inicializar pueden ser divulgados cuando una lectura y un ioctl se presentan al mismo tiempo. It was found that the timer functionality in the Linux kernel ALSA subsystem is prone to a race condition between read and ioctl system call handlers, resulting in an uninitialized memory disclosure to user space. A local user could use this flaw to read information belonging to other users. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ba3021b2c79b2fa9114f92790a99deb27a65b728 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d11662f4f798b50d8c8743f433842c3e40fe3378 http://www.debian.org/security/2017/dsa-3981 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.5 http://www.openwall.com/lists/oss-security/2017/06/12/2 http://www.securityfocus.com/bid/99121 https://access.redhat.com/errata/RHSA-2017:3295 https:&#x • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •