
[ASA-201709-4] linux-hardened: arbitrary code execution

2017-09-13 00:00:00
security.archlinux.org

CVSS3: 8 High
  Attack Vector: ADJACENT_NETWORK
  Attack Complexity: LOW
  Privileges Required: LOW
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: HIGH
  Availability Impact: HIGH
  Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.7 High
  Access Vector: ADJACENT_NETWORK
  Access Complexity: LOW
  Authentication: SINGLE
  Confidentiality Impact: COMPLETE
  Integrity Impact: COMPLETE
  Availability Impact: COMPLETE
  Vector: AV:A/AC:L/Au:S/C:C/I:C/A:C

EPSS: 0.008 Low
  Percentile: 81.2%

Arch Linux Security Advisory ASA-201709-4

Severity: High
Date    : 2017-09-13
CVE-ID  : CVE-2017-1000251
Package : linux-hardened
Type    : arbitrary code execution
Remote  : Yes
Link    : https://security.archlinux.org/AVG-395

Summary

The package linux-hardened before version 4.13.1.b-1 is vulnerable to
arbitrary code execution.

Resolution

Upgrade to 4.13.1.b-1.

pacman -Syu "linux-hardened>=4.13.1.b-1"

The problem has been fixed upstream in version 4.13.1.b.

Workaround

None.

Description

A stack buffer overflow flaw was found in the way the Bluetooth
subsystem of the Linux kernel processed pending L2CAP configuration
responses from a client. On systems with the stack protection feature
enabled in the kernel (CONFIG_CC_STACKPROTECTOR=y, which is enabled on
all architectures), an unauthenticated attacker able to initiate a
connection to a system via Bluetooth could use this flaw to crash the
system. Due to the nature of the stack protection feature, code
execution cannot be fully ruled out, although it is unlikely. On
systems without the stack protection feature, an unauthenticated
attacker able to initiate a connection to a system via Bluetooth could
use this flaw to remotely execute arbitrary code on the system with
ring 0 (kernel) privileges.
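
The bug class described above, as an added illustration that is not kernel code and not part of the advisory: a simplified model of a handler that copies peer-supplied type-length-value options into a fixed-size stack buffer, with the output-length check that stops a long option list from writing past it. All names and the 64-byte buffer size are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model with hypothetical names; not kernel code. */
#define RSP_BUF_SIZE 64 /* assumed size of the on-stack reply buffer */

/* Echo each peer-supplied option (type, length, value) into a fixed stack
 * buffer. Returns bytes built, or -1 for malformed input or a reply that
 * would not fit. */
int build_reply(const uint8_t *in, size_t in_len)
{
    uint8_t buf[RSP_BUF_SIZE];
    size_t pos = 0, off = 0;

    while (pos < in_len) {
        if (in_len - pos < 2)
            return -1;                  /* truncated option header */
        size_t len = in[pos + 1];
        if (len > in_len - pos - 2)
            return -1;                  /* value runs past the input */
        /* Output-side check: without it, enough options in one message
         * would carry the writes past the end of buf. */
        if (len + 2 > sizeof(buf) - off)
            return -1;
        memcpy(buf + off, in + pos, len + 2);   /* header and value */
        off += len + 2;
        pos += len + 2;
    }
    return (int)off;    /* a real handler would now send buf[0..off) */
}

/* Constructed input: n options of type 0x01, each with a 2-byte value. */
size_t make_options(uint8_t *dst, size_t n)
{
    for (size_t i = 0; i < n; i++)
        memcpy(dst + 4 * i, "\x01\x02\x00\x00", 4);
    return 4 * n;
}

int main(void)
{
    uint8_t in[17 * 4];
    size_t n = make_options(in, 17);
    printf("16 options -> %d\n", build_reply(in, n - 4));
    printf("17 options -> %d\n", build_reply(in, n));
    return 0;
}
```

Validating the input length alone is not enough here: every option in the 17-option message is well formed, and only the check against the remaining output space rejects it.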

Impact

An unauthenticated attacker able to initiate a connection via Bluetooth
is able to crash the system or possibly execute arbitrary code.

References

https://bugs.archlinux.org/task/55602
https://git.kernel.org/linus/e860d2c904d1a9f38a24eb44c9f34b8f915a6ea3
https://www.armis.com/blueborne/
https://security.archlinux.org/CVE-2017-1000251

OS         Version  Architecture  Package         Version       Filename
ArchLinux  any      any           linux-hardened  < 4.13.1.b-1  UNKNOWN
