Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2017-1000253 | First vendor Publication | 2017-10-04 |
| Vendor | Cve | Last vendor Modification | 2023-01-17 |
Security-Database Scoring CVSS v3
| Cvss vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | |||
|---|---|---|---|
| Overall CVSS Score | 7.8 | ||
| Base Score | 7.8 | Environmental Score | 7.8 |
| impact SubScore | 5.9 | Temporal Score | 7.8 |
| Exploitabality Sub Score | 1.8 | ||
| Attack Vector | Local | Attack Complexity | Low |
| Privileges Required | Low | User Interaction | None |
| Scope | Unchanged | Confidentiality Impact | High |
| Integrity Impact | High | Availability Impact | High |
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 7.2 | Attack Range | Local |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 3.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (committed on April 14, 2015). This kernel vulnerability was fixed in April 2015 by commit a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (backported to Linux 3.10.77 in May 2015), but it was not recognized as a security threat. With CONFIG_ARCH_BINFMT_ELF_RANDOMIZE_PIE enabled, and a normal top-down address allocation strategy, load_elf_binary() will attempt to map a PIE binary into an address range immediately below mm->mmap_base. Unfortunately, load_elf_ binary() does not take account of the need to allocate sufficient space for the entire binary which means that, while the first PT_LOAD segment is mapped below mm->mmap_base, the subsequent PT_LOAD segment(s) end up being mapped above mm->mmap_base into the are that is supposed to be the "gap" between the stack and the binary. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000253 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CPE : Common Platform Enumeration
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2017-12-11 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2017-3658.nasl - Type : ACT_GATHER_INFO |
| 2017-11-21 | Name : The remote Virtuozzo host is missing a security update. File : Virtuozzo_VZA-2017-086.nasl - Type : ACT_GATHER_INFO |
| 2017-10-16 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2017-2725-1.nasl - Type : ACT_GATHER_INFO |
| 2017-10-16 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2017-2723-1.nasl - Type : ACT_GATHER_INFO |
| 2017-10-02 | Name : The remote Virtuozzo host is missing a security update. File : Virtuozzo_VZA-2017-090.nasl - Type : ACT_GATHER_INFO |
| 2017-09-29 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2017-3626.nasl - Type : ACT_GATHER_INFO |
| 2017-09-28 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2017-2795.nasl - Type : ACT_GATHER_INFO |
| 2017-09-28 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2017-2795.nasl - Type : ACT_GATHER_INFO |
| 2017-09-27 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20170926_kernel_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2017-09-27 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2017-2800.nasl - Type : ACT_GATHER_INFO |
| 2017-09-27 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2017-2799.nasl - Type : ACT_GATHER_INFO |
| 2017-09-27 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2017-2798.nasl - Type : ACT_GATHER_INFO |
| 2017-09-27 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2017-2797.nasl - Type : ACT_GATHER_INFO |
| 2017-09-27 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2017-2796.nasl - Type : ACT_GATHER_INFO |
| 2017-09-27 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2017-2795.nasl - Type : ACT_GATHER_INFO |
| 2017-09-27 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2017-2794.nasl - Type : ACT_GATHER_INFO |
| 2017-09-27 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2017-2793.nasl - Type : ACT_GATHER_INFO |
| 2015-10-29 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2015-603.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-03-12 12:39:36 |
|
| 2024-02-02 01:42:59 |
|
| 2024-02-01 12:12:06 |
|
| 2023-12-29 01:38:12 |
|
| 2023-11-22 01:37:52 |
|
| 2023-09-05 12:41:00 |
|
| 2023-09-05 01:11:50 |
|
| 2023-09-02 12:40:48 |
|
| 2023-09-02 01:12:06 |
|
| 2023-08-12 12:44:15 |
|
| 2023-08-12 01:11:36 |
|
| 2023-08-11 12:38:55 |
|
| 2023-08-11 01:11:55 |
|
| 2023-08-06 12:37:38 |
|
| 2023-08-06 01:11:35 |
|
| 2023-08-04 12:37:48 |
|
| 2023-08-04 01:11:39 |
|
| 2023-07-14 12:37:50 |
|
| 2023-07-14 01:11:38 |
|
| 2023-03-29 01:39:36 |
|
| 2023-03-28 12:11:56 |
|
| 2023-01-18 00:27:55 |
|
| 2021-05-04 12:55:19 |
|
| 2021-04-22 02:07:44 |
|
| 2020-05-23 00:54:28 |
|
| 2017-12-12 13:24:21 |
|
| 2017-12-09 09:22:21 |
|
| 2017-12-08 09:21:41 |
|
| 2017-11-22 13:23:46 |
|
| 2017-10-20 21:23:55 |
|
| 2017-10-17 13:25:15 |
|
| 2017-10-14 13:24:59 |
|
| 2017-10-05 09:23:11 |
|
