#VU7237 Security restrictions bypass in Linux kernel - CVE-2017-1000365,CVE-2017-7482
Published: June 29, 2017 / Updated: July 11, 2017
Vulnerability identifier: #VU7237
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-1000365,CVE-2017-7482
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local attacker to bypass security restrictions on the target system.
The weakness exists due to the failure to take the argument and environment strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size) into account when imposing a size restriction. A local attacker can bypass security limitation and perform unauthorized actions.
Successful exploitation of the vulnerability results in access to the system.
The weakness exists due to the failure to take the argument and environment strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size) into account when imposing a size restriction. A local attacker can bypass security limitation and perform unauthorized actions.
Successful exploitation of the vulnerability results in access to the system.
Remediation
Update to version 4.11.6.