Lucene search
K

198 matches found

Tenable Nessus
Tenable Nessus
added 2017/06/20 12:0 a.m.59 views

RHEL 5 / 6 / 7 : glibc (RHSA-2017:1479)

The remote Redhat Enterprise Linux 5 / 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:1479 advisory. The glibc packages provide the standard C libraries libc, POSIX thread libraries libpthread, standard math libraries libm, and the name servi...

7.8CVSS7AI score0.02733EPSS
Exploits14References5
Tenable Nessus
Tenable Nessus
added 2017/06/20 12:0 a.m.31 views

Debian DSA-3889-1 : libffi - security update (Stack Clash)

libffi, a library used to call code written in one language from code written in a different language, was enforcing an executable stack on the i386 architecture. While this might not be considered a vulnerability by itself, this could be leveraged when exploiting other vulnerabilities, like for...

7CVSS7.3AI score0.00503EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2017/06/20 12:0 a.m.50 views

Debian DSA-3887-1 : glibc - security update (Stack Clash)

The Qualys Research Labs discovered various problems in the dynamic linker of the GNU C Library which allow local privilege escalation by clashing the stack. For the full details, please refer to their advisory published at: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt...

7.8CVSS7.2AI score0.02733EPSS
Exploits14References5
Tenable Nessus
Tenable Nessus
added 2017/06/20 12:0 a.m.140 views

RHEL 7 : glibc (RHSA-2017:1481)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:1481 advisory. The glibc packages provide the standard C libraries libc, POSIX thread libraries libpthread, standard math libraries libm, and the name service cache...

7.8CVSS7AI score0.02733EPSS
Exploits14References5
Tenable Nessus
Tenable Nessus
added 2017/06/20 12:0 a.m.73 views

RHEL 6 : glibc (RHSA-2017:1480) (Stack Clash)

An update for glibc is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

7.8CVSS7.1AI score0.02733EPSS
Exploits14References4
Tenable Nessus
Tenable Nessus
added 2017/06/20 12:0 a.m.36 views

Scientific Linux Security Update : glibc on SL7.x x86_64 (20170619) (Stack Clash)

Security Fixes : - A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap or different memory region and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory...

7.8CVSS7.1AI score0.02733EPSS
Exploits14References2
Tenable Nessus
Tenable Nessus
added 2017/06/20 12:0 a.m.247 views

Amazon Linux AMI : glibc (ALAS-2017-844) (Stack Clash)

Glibc contains a vulnerability that allows specially crafted LDLIBRARYPATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap...

7.8CVSS7.7AI score0.02733EPSS
Exploits14References2
Tenable Nessus
Tenable Nessus
added 2017/06/20 12:0 a.m.95 views

Debian DLA-993-2 : linux regression update (Stack Clash)

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2017-7487 Li Qiang reported a reference counter leak in the ipxitfioctl function which may result into a use-after-free vulnerability, triggerable...

10CVSS7.3AI score0.1081EPSS
Exploits8References14
Tenable Nessus
Tenable Nessus
added 2017/06/20 12:0 a.m.73 views

Ubuntu 17.04 : linux, linux-meta vulnerabilities (USN-3324-1) (Stack Clash)

It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges CVE-2017-1000364 Roee Hay...

7.8CVSS7.5AI score0.05186EPSS
Exploits10References10
Tenable Nessus
Tenable Nessus
added 2017/06/20 12:0 a.m.65 views

Amazon Linux AMI : kernel (ALAS-2017-845) (Stack Clash)

An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be jmp'ed over, this affects Linux Kernel versions 4.11.5 and earlier the stackguard page was introduced in 2010. CVE-2017-1000364 The offset2lib patch as use...

7.8CVSS6.8AI score0.05186EPSS
Exploits12References3
Tenable Nessus
Tenable Nessus
added 2017/06/20 12:0 a.m.256 views

Ubuntu 16.10 : linux, linux-meta vulnerabilities (USN-3326-1) (Stack Clash)

It was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use this to cause a denial of service system crash. CVE-2017-7374 It was discovered that the stack guard page for processes in the Linux kernel was not...

7.8CVSS7.5AI score0.05186EPSS
Exploits10References11
Tenable Nessus
Tenable Nessus
added 2017/06/20 12:0 a.m.94 views

Debian DSA-3886-1 : linux - security update (Stack Clash)

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. - CVE-2017-7487 Li Qiang reported a reference counter leak in the ipxitfioctl function which may result into a use-after-free vulnerability, triggerabl...

10CVSS7.1AI score0.1081EPSS
Exploits8References32
Tenable Nessus
Tenable Nessus
added 2017/06/20 12:0 a.m.43 views

Ubuntu 17.04 : linux-meta-raspi2, linux-raspi2 vulnerabilities (USN-3325-1) (Stack Clash)

It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges CVE-2017-1000364 Roee Hay...

7.8CVSS7.5AI score0.05186EPSS
Exploits10References10
Qualys Blog
Qualys Blog
added 2017/06/19 5:57 p.m.25 views

Visualizing the Stack Clash Vulnerability with Dashboards

Security teams should apply vendor patches immediately to protect their Linux, OpenBSD, NetBSD, FreeBSD and Solaris infrastructure from The Stack Clash vulnerability also see the security advisory. To help in that effort, this blog post describes a new built-in Qualys AssetView dashboard to...

6.8AI score
Exploits0
UbuntuCve
UbuntuCve
added 2017/06/19 4:29 p.m.39 views

CVE-2017-1000379

The Linux Kernel running on AMD64 systems will sometimes map the contents of PIE executable, the heap or ld.so to where the stack is mapped allowing attackers to more easily manipulate the stack. Linux Kernel version 4.11.5 is affected...

7.8CVSS7.1AI score0.01828EPSS
Exploits5References3
Qualys Blog
Qualys Blog
added 2017/06/19 3:14 p.m.1503 views

The Stack Clash

What is the Stack Clash? The Stack Clash is a vulnerability in the memory management of several operating systems. It affects Linux, OpenBSD, NetBSD, FreeBSD and Solaris, on i386 and amd64. It can be exploited by attackers to corrupt memory and execute arbitrary code. Qualys researchers discovere...

7.2CVSS8AI score0.08018EPSS
Exploits15
OpenVAS
OpenVAS
added 2017/06/19 12:0 a.m.36 views

Debian Security Advisory DSA 3888-1 (exim4 - security update)

The Qualys Research Labs discovered a memory leak in the Exim mail transport agent. This is not a security vulnerability in Exim by itself, but can be used to exploit a vulnerability in stack handling. OpenVAS Vulnerability Test $Id: deb3888.nasl 6618 2017-07-07 14:17:52Z cfischer $ Auto-generate...

2.1CVSS0.0053EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2017/06/19 12:0 a.m.30 views

Debian Security Advisory DSA 3887-1 (glibc - security update)

The Qualys Research Labs discovered various problems in the dynamic linker of the GNU C Library which allow local privilege escalation by clashing the stack. OpenVAS Vulnerability Test $Id: deb3887.nasl 6618 2017-07-07 14:17:52Z cfischer $ Auto-generated from advisory DSA 3887-1 using nvtgen 1.0...

7.2CVSS0.6AI score0.02733EPSS
Exploits14References1
Rows per page
Query Builder