Linux PIE/stack corruption (CVE-2017-1000253) Bug and Security Vulnerability

About CVE-2017-1000253 Bug:

This issue lies in how the Linux kernel loads Executable and Linkable Format (ELF) executables. If an ELF application was built as a Position Independent Executable (PIE), the loader can allow part of that application's data segment to map over the memory area reserved for its stack.
This can cause memory corruption and may allow an unprivileged local user to gain privileged access using a Set owner User ID (SUID) or other privileged, flawed PIE binary.

To exploit this hole, the PIE's .dynamic section is smashed with a stack-based string operation, which can force the dynamic linker to load and execute the attacker's own shared library.
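To gauge exposure on a host, the following added example (not part of the original post) lists the SUID/SGID binaries that are built as PIE, which is the combination described above. The function names are hypothetical, and "PIE" is approximated as an ET_DYN image that carries a PT_INTERP program header.

```python
import os, stat, struct

ET_DYN, PT_INTERP = 3, 3  # e_type of PIE/shared objects; phdr that names the dynamic linker

def is_pie(data: bytes) -> bool:
    """Heuristic: ET_DYN image that requests a dynamic linker (PT_INTERP)."""
    if len(data) < 64 or data[:4] != b"\x7fELF":
        return False
    end = "<" if data[5] == 1 else ">"            # EI_DATA: 1 = little-endian
    if struct.unpack_from(end + "H", data, 16)[0] != ET_DYN:
        return False                              # ET_EXEC etc. load at a fixed address
    if data[4] == 2:                              # EI_CLASS: ELF64 layout
        phoff, = struct.unpack_from(end + "Q", data, 32)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 54)
    else:                                         # ELF32 layout
        phoff, = struct.unpack_from(end + "I", data, 28)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 42)
    for i in range(phnum):
        off = phoff + i * phentsize
        if off + 4 > len(data):
            break                                 # header lies beyond the bytes we read
        if struct.unpack_from(end + "I", data, off)[0] == PT_INTERP:
            return True
    return False

def is_privileged(mode: int) -> bool:
    """Regular file with the setuid or setgid bit set."""
    return stat.S_ISREG(mode) and bool(mode & (stat.S_ISUID | stat.S_ISGID))

def suid_pie_binaries(root: str):
    """Yield privileged PIE binaries under root; unreadable files are skipped."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if not is_privileged(os.lstat(path).st_mode):
                    continue                      # also skips symlinks and FIFOs
                with open(path, "rb") as f:
                    if is_pie(f.read(4096)):      # program headers sit near the start
                        yield path
            except OSError:
                continue

def sample_elf64(e_type: int, p_type: int) -> bytes:
    """Constructed sample: little-endian ELF64 header plus one program header."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    return ehdr + struct.pack("<I", p_type) + bytes(52)
```

Running `list(suid_pie_binaries("/usr"))` gives the set of binaries to review on a host whose kernel has not yet received the fix.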

What is impacted:

What can you do?

As this was reported two years back as a bug and is now classified as a security vulnerability, patches are available to patch the kernel, or you can install a patched kernel from here:
