Revision history [back]

An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this affects Linux Kernel versions 4.11.5 and earlier (the stackguard page was introduced in 2010).

Patch upstream has to be backported to 3.4.108 (maybe look at debian-wheezy 3.2.89-1 source)...

CVSS v3 Base Score: 9.8 Critical

An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this affects Linux Kernel versions 4.11.5 and earlier (the stackguard page was introduced in 2010).

Patch upstream has to be backported to 3.4.108 (maybe look at debian-wheezy 3.2.89-1 source)...

CVSS v3 Base Score: 9.8 Critical

An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this affects Linux Kernel versions 4.11.5 and earlier (the stackguard page was introduced in 2010).

Patch upstream has to be backported to 3.4.108 (maybe look at debian-wheezy 3.2.89-1 source)...

CVSS v3 Base Score: 9.8 Critical

An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this affects Linux Kernel versions 4.11.5 and earlier (the stackguard page was introduced in 2010).

Patch upstream has to be backported to 3.4.108 (maybe look at debian-wheezy 3.2.89-1 source)...

CVSS v3 Base Score: 9.8 Critical

the |the 2nd part of stack-clash is a glibc vulnerability CVE-2017-1000366 and requires glibc updateupdate| <- released in Jämsänjoki 2.1.1 / Kiiminkijoki 2.1.2

An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this affects Linux Kernel versions 4.11.5 and earlier (the stackguard page was introduced in 2010).

Patch upstream has to be backported to 3.4.108 (maybe look at debian-wheezy 3.2.89-1 source)...

CVSS v3 Base Score: 9.8 Critical 7.4 High (attack range: local)

|the 2nd part of stack-clash is a glibc vulnerability CVE-2017-1000366 and requires glibc update| <- released in Jämsänjoki 2.1.1 / Kiiminkijoki 2.1.2

An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this affects Linux Kernel versions 4.11.5 and earlier (the stackguard page was introduced in 2010).

Patch The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but does not take the argument and environment pointers into account, which allows attackers to bypass this limitation. This affects Linux Kernel versions 4.11.5 and earlier. It appears that this feature was introduced in the Linux Kernel version 2.6.23.

Patches upstream upstream has |1| |2| have to be backported to 3.4.108 (maybe look at debian-wheezy 3.2.89-1 source)...kernel 3.2 backports |1| |2| )...

CVSS v3 Base Score: 9.8 Critical 7.4 7.8 High (attack range: local)

|the 2nd part of stack-clash is a glibc vulnerability CVE-2017-1000366 and requires glibc update| <- released in Jämsänjoki 2.1.1 / Kiiminkijoki 2.1.2