Vulnerability Description
NetBSD maps the run-time link-editor ld.so directly below the stack region, even if ASLR is enabled, this allows attackers to more easily manipulate memory leading to arbitrary code execution. This affects NetBSD 7.1 and possibly earlier versions.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Netbsd | Netbsd | <= 7.1 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/99257Third Party AdvisoryVDB Entry
- https://www.exploit-db.com/exploits/42272/
- https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txtExploitThird Party Advisory
- http://www.securityfocus.com/bid/99257Third Party AdvisoryVDB Entry
- https://www.exploit-db.com/exploits/42272/
- https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txtExploitThird Party Advisory
FAQ
What is CVE-2017-1000375?
CVE-2017-1000375 is a vulnerability with a CVSS score of 9.8 (CRITICAL). NetBSD maps the run-time link-editor ld.so directly below the stack region, even if ASLR is enabled, this allows attackers to more easily manipulate memory leading to arbitrary code execution. This af...
How severe is CVE-2017-1000375?
CVE-2017-1000375 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-1000375?
Check the references section above for vendor advisories and patch information. Affected products include: Netbsd Netbsd.