AOSC-Dev / aosc-os-abbs

ABBS/ACBS tree for AOSC OS package metadata, build configuration, scripts, and patches
https://packages.aosc.io
GNU General Public License v2.0

stack clash security fixes #730

Closed l2dy closed 4 years ago

l2dy commented 7 years ago

Some of these are already fixed, some are not.

https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt

To illustrate our findings, we developed the following exploits and proofs-of-concepts:

l2dy commented 7 years ago

Exim needs to be patched, https://github.com/Exim/exim/commit/65e061b76867a9ea7aeeb535341b790b90ae6c21.

MingcongBai commented 7 years ago

Is anything else listed above fixed?

MingcongBai commented 7 years ago

(Sorry, shouldn't have pressed ^Enter so quickly...)

When we come up with a list to work with, we should separate this issue for each specific package, so it will be easier to assign AOSA and keep track of them.

l2dy commented 7 years ago

But these issues are closely related, like #693.

MingcongBai commented 7 years ago

Guess you have a point...

l2dy commented 7 years ago

https://access.redhat.com/security/cve/cve-2017-1000366

This is a glibc-side mitigation. For a related kernel mitigation please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-1000364 .

cthbleachbit commented 7 years ago

@l2dy seems like this thing exists in everything...

MingcongBai commented 7 years ago

@l2dy Issue fixed for Exim at ae891651de30053d5b6534d50067e18b6a4bf59d, could you assign an AOSA for this?

l2dy commented 7 years ago

Use AOSA-2017-0096 for exim.

MingcongBai commented 6 years ago

Any updates?

MingcongBai commented 5 years ago

Should we keep going with this issue? @l2dy

MingcongBai commented 5 years ago

@l2dy Should we keep going with this issue? Without a clear progress indicator it is difficult to track everything...

l2dy commented 4 years ago

Closing. Please open new issues if there is more to be done.