Linux PIE/stack corruption (CVE-2017-1000253) Bug and Security Vulnerability

About the CVE-2017-1000253 bug:

This issue concerns the way the Linux kernel loads Executable and Linkable Format (ELF) executables. If an ELF application was built as a Position Independent Executable (PIE), the loader can allow part of that application's data segment to map over the memory area reserved for its stack.
This can cause memory corruption and may allow an unprivileged local user to gain privileged access through a flawed PIE binary that is setuid (SUID) or otherwise privileged.

To exploit this hole, the PIE's .dynamic section is smashed with a stack-based string operation, which can force the ld.so dynamic linker to load and execute the attacker's own shared library.

What is impacted:

What can you do?

Although this was reported as a bug two years ago, it has now been classified as a security vulnerability. Patches are available: apply the fix to your kernel, or install a patched kernel. The upstream fix commit is here:
https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86
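As an added example (not code from the original post), the Python script below inventories the binaries this issue exposes on a host while the kernel is being patched: it reads ELF headers to tell a PIE (ET_DYN with a PT_INTERP segment) from a plain shared library, and lists setuid/setgid regular files under a directory that are PIEs. The function names and the `build_elf64_sample` helper, which constructs a minimal ELF64 header for offline testing, are this example's own.

```python
import os
import stat
import struct

ELF_MAGIC, ET_DYN, PT_INTERP = b"\x7fELF", 3, 3

def is_pie(data):
    """True if data starts an ELF PIE: ET_DYN plus a PT_INTERP segment (a .so lacks one)."""
    if len(data) < 52 or data[:4] != ELF_MAGIC:
        return False
    end = "<" if data[5] == 1 else ">"          # EI_DATA: 1 = little-endian
    e_type, = struct.unpack(end + "H", data[16:18])
    if e_type != ET_DYN:
        return False
    if data[4] == 2:                             # EI_CLASS: 2 = ELF64
        e_phoff, = struct.unpack(end + "Q", data[32:40])
        e_phentsize, e_phnum = struct.unpack(end + "HH", data[54:58])
    else:                                        # ELF32 layout
        e_phoff, = struct.unpack(end + "I", data[28:32])
        e_phentsize, e_phnum = struct.unpack(end + "HH", data[42:46])
    for i in range(e_phnum):                     # scan program headers for PT_INTERP
        off = e_phoff + i * e_phentsize
        if data[off:off + 4] == struct.pack(end + "I", PT_INTERP):
            return True
    return False

def find_suid_pie(root):
    """Walk root and return setuid/setgid regular files that are PIEs."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                mode = os.lstat(path).st_mode
                if not (stat.S_ISREG(mode) and mode & (stat.S_ISUID | stat.S_ISGID)):
                    continue
                with open(path, "rb") as f:
                    head = f.read(65536)         # program headers follow the ELF header
            except OSError:
                continue
            if is_pie(head):
                hits.append(path)
    return hits

def build_elf64_sample(e_type, with_interp):
    """Constructed test input: a 64-byte ELF64 LE header plus one program header."""
    ident = ELF_MAGIC + bytes([2, 1, 1, 0]) + b"\x00" * 8
    hdr = struct.pack("<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0, 64, 56, 1, 64, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_INTERP if with_interp else 1, 4, 0, 0, 0, 0, 0, 0)
    return ident + hdr + phdr
```

Run `find_suid_pie("/usr/bin")` (or `/`) as root to list the setuid PIEs a local user could reach on an unpatched kernel.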
