OVAL Reference oval:com.ubuntu.trusty:def:20171000364000

Oval Definition:

oval:com.ubuntu.trusty:def:20171000364000

Revision Date:	2017-06-19	Version:	1
Title:	CVE-2017-1000364 on Ubuntu 14.04 LTS (trusty) - high.
Description:	An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this affects Linux Kernel versions 4.11.5 and earlier (the stackguard page was introduced in 2010). It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges
Family:	unix	Class:	vulnerability
Status:		Reference(s):	CVE-2017-1000364
Platform(s):	Ubuntu 14.04 LTS	Product(s):
Definition Synopsis
Ubuntu 14.04 LTS (trusty) is installed. AND Package Information The 'linux' package in trusty was vulnerable but has been fixed (note: '3.13.0-121.170'). OR NOT While related to the CVE in some way, the 'linux-aws' package in trusty is not affected (note: '4.4.0-1002.2'). OR NOT While related to the CVE in some way, the 'linux-azure' package in trusty is not affected (note: '4.15.0-1023.24~14.04.1'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'end-of-life'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'was needed now end-of-life'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'end-of-life'). OR The 'linux-lts-xenial' package in trusty was vulnerable but has been fixed (note: '4.4.0-81.104~14.04.1'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned').

BACK