Main Vulnerability Database Exploits ID:1535 - Exploit for Memory corruption in Linux kernel - CVE-2017-1000364

ID:1535 - Exploit for Memory corruption in Linux kernel - CVE-2017-1000364

Published: March 18, 2020

Vulnerability identifier: #VU7131

Vulnerability risk: Medium

CVE-ID: CVE-2017-1000364

CWE-ID: CWE-119

Exploitation vector: Local access

Vulnerable software:
Linux kernel

Link to public exploit:

https://www.rapid7.com/db/modules/exploit/solaris/local/rsh_stack_clash_priv_esc

Vulnerability description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to memory management errors in implementation of various functions under multiple operating systems. A local or remote attacker can trigger the affected application to process specially crafted data, trigger memory corruption and execute arbitrary code on the target system. The vulnerability is dubbed by Qualys researchers as “Stack Clash”.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Remediation

Update Linux kernel to version 4.11.6.

ID:1535 - Exploit for Memory corruption in Linux kernel - CVE-2017-1000364

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human