SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (Linux)  >   Linux Kernel Vendors:   kernel.org
Linux Kernel Stack Corruption Flaw in PIE Executables Lets Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1039434
SecurityTracker URL:  http://securitytracker.com/id/1039434
CVE Reference:   CVE-2017-1000253   (Links to External Site)
Date:  Sep 27 2017
Impact:   Execution of arbitrary code via local system, Root access via local system, User access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in the Linux kernel. A local user can obtain elevated privileges on the target system.

A local user can exploit a flaw in applications built as Position Independent Executable (PIE) ELF executables to trigger a stack corruption error and execute arbitrary code. The code will run with the privileges of the target application.

The original advisory is available at:

https://www.qualys.com/2017/09/26/cve-2017-1000253/cve-2017-1000253.txt

Qualys, Inc. reported this vulnerability.

Impact:   A local user can obtain elevated privileges on the target system.
Solution:   The vendor has issued a source code fix, available at:

https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86

Vendor URL:  www.kernel.org/ (Links to External Site)
Cause:   Boundary error

Message History:   This archive entry has one or more follow-up message(s) listed below.
Sep 27 2017 (Red Hat Issues Fix) Linux Kernel Stack Corruption Flaw in PIE Executables Lets Local Users Gain Elevated Privileges
Red Hat has issued a fix for Red Hat Enterprise Linux 6.4.
Sep 27 2017 (Red Hat Issues Fix) Linux Kernel Stack Corruption Flaw in PIE Executables Lets Local Users Gain Elevated Privileges
Red Hat has issued a fix for Red Hat Enterprise Linux 7.2.
Sep 27 2017 (Red Hat Issues Fix) Linux Kernel Stack Corruption Flaw in PIE Executables Lets Local Users Gain Elevated Privileges
Red Hat has issued a fix for Red Hat Enterprise Linux 7.3.
Sep 27 2017 (Red Hat Issues Fix) Linux Kernel Stack Corruption Flaw in PIE Executables Lets Local Users Gain Elevated Privileges
Red Hat has issued a fix for Red Hat Enterprise Linux 6.7.
Sep 27 2017 (Red Hat Issues Fix) Linux Kernel Stack Corruption Flaw in PIE Executables Lets Local Users Gain Elevated Privileges
Red Hat has issued a fix for Red Hat Enterprise Linux 5.
Sep 27 2017 (Red Hat Issues Fix) Linux Kernel Stack Corruption Flaw in PIE Executables Lets Local Users Gain Elevated Privileges
Red Hat has issued a fix for Red Hat Enterprise Linux.
Sep 27 2017 (Red Hat Issues Fix) Linux Kernel Stack Corruption Flaw in PIE Executables Lets Local Users Gain Elevated Privileges
Red Hat has issued a fix for Red Hat Enterprise Linux 6.
Aug 6 2018 (Oracle Issues Fix for Oracle Linux) Linux Kernel Stack Corruption Flaw in PIE Executables Lets Local Users Gain Elevated Privileges
Oracle has issued a fix for Oracle Linux 5.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC