CVE-2017-1000365
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but does not take the argument and environment pointers into account, which allows attackers to bypass this limitation. This affects Linux Kernel versions 4.11.5 and earlier. It appears that this feature was introduced in the Linux Kernel version 2.6.23.
El Kernel de Linux impone una restricción de tamaño en los argumentos y cadenas de entorno pasados por medio de RLIMIT_STACK/RLIM_INFINITY (1/4 del tamaño), pero no tiene en cuenta el argumento y los punteros de entorno, lo que permite a los atacantes omitir esta limitación. Esto afecta a las versiones 4.11.5 y anteriores del Kernel de Linux. Parece que esta funcionalidad se introdujo en la versión 2.6.23 del Kernel de Linux.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-06-19 CVE Reserved
- 2017-06-19 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/99156 | Third Party Advisory | |
| https://access.redhat.com/security/cve/CVE-2017-1000365 | Third Party Advisory | |
| https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.debian.org/security/2017/dsa-3927 | 2023-01-17 | |
| http://www.debian.org/security/2017/dsa-3945 | 2023-01-17 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 2.6.23 < 3.2.91 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.23 < 3.2.91" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.3 < 3.10.108 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.3 < 3.10.108" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.11 < 3.16.46 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.11 < 3.16.46" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.17 < 3.18.59 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.17 < 3.18.59" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.19 < 4.1.43 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.19 < 4.1.43" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.2 < 4.4.75 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.2 < 4.4.75" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.5 < 4.9.35 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.5 < 4.9.35" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.10 < 4.11.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.10 < 4.11.8" | - |
Affected
| ||||||