MYHACK58:62201789498
Linux PIE/stack memory corruption vulnerability alert (CVE-2017-1000253) - vulnerability warning - 黑吧安全网 (www.myhack58.com)

2017-09-28 00:00:00
Anonymous (佚名)
www.myhack58.com

CVSS3: 7.8 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.2 High
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.001 Low (percentile 30.0%)

On April 14, 2015, Michael Davidson found that the PIE (Position Independent Executable) loading logic could place part of an application's data segment outside the memory area reserved for it, so that it overlaps other mappings; this memory corruption can be turned into privilege escalation. He submitted patch a87938b2e246b81b4fb713edb371a9fa3c5c3c86 to the Linux source tree.
In May of the same year, Linux 3.10.77 picked up the patch, but the severity of the issue was not accurately assessed at the time, so many distributions did not backport the patch for a long time and the vulnerability remained in their kernels.
On September 26, 2017, the OSS-SEC mailing list published details of the vulnerability, which was assigned CVE-2017-1000253. At the same time, the affected Linux distributions published updates for it.
360CERT assesses the vulnerability as high risk: a local attacker can use it to escalate to root on a Linux system. Affected users are urged to apply the updates as soon as possible.
0x01 Impact
Severity
The vulnerability is high risk and the affected range is wide.
Affected versions
All CentOS 7 releases before 1708 (released 2017-09-13)
All Red Hat Enterprise Linux 7 releases before 7.4 (released 2017-08-01)
All versions of CentOS 6 and Red Hat Enterprise Linux 6
Fixed versions
Kernel 3.10.0-693 and later
Details by distribution:
Debian wheezy 3.2.71-1
Debian jessie 3.16.7-ckt11-1
Debian (unstable) 4.0.2-1
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Server 12 GA
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP3
Red Hat Enterprise MRG 2 3.10.0-693.2.1.rt56.585.el6rt
Red Hat Enterprise Linux for Realtime 3.10.0-693.rt56.617
0x02 Vulnerability details
On Linux, when an application is compiled with the -pie option, load_elf_binary() maps a region of memory for it, but load_elf_binary() does not account for the space the whole program needs, so a later PT_LOAD segment can extend across mm->mmap_base. On x86_64, if the segment extends more than 128MB past that point it overlaps the program's stack, and that overlap can be used for privilege escalation. The upstream diagram of the resulting memory layout:
[Figure: memory layout of the overlapping PIE segment and stack (/Article/UploadPic/2017-9/201792843129772.jpg)]
The upstream patch computes the total space the program needs up front and reserves it, so the segments no longer overlap other mappings.
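As an added example (not code from the advisory, the kernel or the reporter), the following C program re-runs in userspace the size computation that the fix adds to load_elf_binary(). It reads an ELF64 file's program headers, computes the span of all PT_LOAD segments the way the kernel's total_mapping_size() does, compares it with the size of the first PT_LOAD segment (the only part the unpatched kernel reserved before mapping the remaining segments with MAP_FIXED), and reports whether the overshoot exceeds 128MB, the minimum distance between mmap_base and the stack on x86_64 that the advisory refers to. The 128MB threshold, the function names and the in-memory sample program headers are this example's assumptions; the real gap also depends on the stack rlimit and ASLR, and the tool only estimates whether a given PIE could have reached the stack on an unpatched kernel.

```c
/* Added example, not code from the advisory, the kernel or the reporter: a
 * userspace re-run of the size computation the fix adds to load_elf_binary().
 * The unpatched kernel reserved only the first PT_LOAD segment of a PIE and
 * then mapped the remaining segments with MAP_FIXED past that reservation. */
#include <elf.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PAGE_SIZE 4096UL
#define ELF_PAGESTART(v) ((v) & ~(PAGE_SIZE - 1))
/* Assumption: x86_64 MIN_GAP, the smallest distance from mmap_base to the
 * stack; the real gap also depends on the stack rlimit and ASLR. */
#define MIN_GAP (128UL * 1024 * 1024)

/* Span from the page-aligned start of the first PT_LOAD to the end of the
 * last one, as the kernel's total_mapping_size() computes it; 0 if none. */
unsigned long total_mapping_size(const Elf64_Phdr *cmds, int nr)
{
    int i, first_idx = -1, last_idx = -1;
    for (i = 0; i < nr; i++) {
        if (cmds[i].p_type == PT_LOAD) {
            last_idx = i;
            if (first_idx == -1)
                first_idx = i;
        }
    }
    if (first_idx == -1)
        return 0;
    return cmds[last_idx].p_vaddr + cmds[last_idx].p_memsz
           - ELF_PAGESTART(cmds[first_idx].p_vaddr);
}

/* Size of the only mapping the unpatched kernel reserved: the first PT_LOAD. */
unsigned long first_segment_size(const Elf64_Phdr *cmds, int nr)
{
    for (int i = 0; i < nr; i++)
        if (cmds[i].p_type == PT_LOAD)
            return cmds[i].p_vaddr + cmds[i].p_memsz - ELF_PAGESTART(cmds[i].p_vaddr);
    return 0;
}

/* How far the later segments extend past the reserved first mapping, i.e.
 * roughly how far above mm->mmap_base they land on the unpatched kernel. */
unsigned long pie_overshoot(const Elf64_Phdr *cmds, int nr)
{
    unsigned long total = total_mapping_size(cmds, nr);
    unsigned long first = first_segment_size(cmds, nr);
    return total > first ? total - first : 0;
}

/* 1 if the overshoot exceeds MIN_GAP, so the data segment can reach the stack. */
int pie_can_reach_stack(const Elf64_Phdr *cmds, int nr)
{
    return pie_overshoot(cmds, nr) > MIN_GAP;
}

/* Constructed sample program headers, not taken from any real binary. */
const Elf64_Phdr sample_small[2] = {
    { .p_type = PT_LOAD, .p_vaddr = 0x0,      .p_memsz = 0x1000 },
    { .p_type = PT_LOAD, .p_vaddr = 0x200000, .p_memsz = 0x2000 },
};
/* A PIE whose data segment is about 130MB: the case the advisory describes. */
const Elf64_Phdr sample_big[3] = {
    { .p_type = PT_PHDR, .p_vaddr = 0x40,     .p_memsz = 0xa8 },
    { .p_type = PT_LOAD, .p_vaddr = 0x400,    .p_memsz = 0x800 },
    { .p_type = PT_LOAD, .p_vaddr = 0x200000, .p_memsz = 0x8200000 },
};

/* Reads the ELF64 program headers of a file into *out; returns count or -1. */
int read_phdrs(const char *path, Elf64_Ehdr *eh, Elf64_Phdr **out)
{
    FILE *f = fopen(path, "rb");
    if (!f)
        return -1;
    if (fread(eh, sizeof *eh, 1, f) != 1 || memcmp(eh->e_ident, ELFMAG, SELFMAG) != 0
        || eh->e_ident[EI_CLASS] != ELFCLASS64 || eh->e_phentsize != sizeof(Elf64_Phdr)) {
        fclose(f);
        return -1;
    }
    *out = calloc(eh->e_phnum, sizeof **out);
    if (!*out || fseek(f, (long)eh->e_phoff, SEEK_SET) != 0
        || fread(*out, sizeof **out, eh->e_phnum, f) != eh->e_phnum) {
        free(*out);
        fclose(f);
        return -1;
    }
    fclose(f);
    return eh->e_phnum;
}

int main(int argc, char **argv)
{
    Elf64_Ehdr eh;
    Elf64_Phdr *ph = NULL;
    int nr = argc == 2 ? read_phdrs(argv[1], &eh, &ph) : -1;
    if (nr < 0) {
        fprintf(stderr, "usage: %s <elf64-binary>\n", argv[0]);
        return 1;
    }
    printf("%s: %s, first PT_LOAD %lu bytes, all PT_LOAD %lu bytes, overshoot %lu: %s\n",
           argv[1], eh.e_type == ET_DYN ? "ET_DYN (PIE)" : "not ET_DYN",
           first_segment_size(ph, nr), total_mapping_size(ph, nr), pie_overshoot(ph, nr),
           eh.e_type == ET_DYN && pie_can_reach_stack(ph, nr)
               ? "can overlap the stack on an unpatched kernel" : "stays below MIN_GAP");
    free(ph);
    return 0;
}
```

Build with `cc -o piecheck piecheck.c` and run it against a PIE binary, for example `./piecheck /usr/bin/ls`. The interesting number is the overshoot: on an unpatched kernel it is the amount by which the program's data segment spills above the mapping the kernel reserved, and a PIE linked with a .bss larger than MIN_GAP is exactly the shape the advisory describes. The check is a static estimate, not a test of the running kernel; whether a kernel is patched is decided by its version, as in the next section.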
0x03 Remediation
All affected users are strongly advised to apply the security updates immediately. The options are:
The affected Linux distributions have already released security updates; install them through yum or apt-get as appropriate.
Users running a custom kernel should download the corresponding source patch and apply it.
Patch location: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a87938b2e246b81b4fb713edb371a9fa3c5c3c86
0x04 Timeline
2015-04-14 Michael Davidson submitted the patch for the vulnerability, and it was merged
2017-09-26 The OSS-SEC mailing list published the vulnerability details
2017-09-27 360CERT published this warning
0x05 References
https://www.qualys.com/2017/09/26/cve-2017-1000253/cve-2017-1000253.txt
https://access.redhat.com/security/vulnerabilities/3189592
https://security-tracker.debian.org/tracker/CVE-2017-1000253
https://www.suse.com/security/cve/CVE-2017-1000253/
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a87938b2e246b81b4fb713edb371a9fa3c5c3c86
