CVE-2016-3672

The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits.

In practice a local user removes the stack resource limit (ulimit -s unlimited) and then executes the setuid or setgid binary. RLIMIT_STACK is inherited across exec, and an unlimited stack limit makes arch_pick_mmap_layout select the legacy mmap layout; for 32-bit x86 processes (native i386 and 32-bit binaries on x86_64) the legacy base was TASK_UNMAPPED_BASE with no random offset, so shared libraries and other mmap regions land at predictable addresses. The ADDR_NO_RANDOMIZE personality flag is cleared on a setuid exec precisely to stop an unprivileged caller from disabling ASLR for a privileged program, but the resource limit path was not covered, which is what made it a bypass. The fix (commit 8b8addf891de, "x86/mm/32: Enable full randomization on i386 and X86_32") applies the random offset to the legacy base as well.
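The following program is an added local check for the condition described above; it is not code from the advisory, the kernel, or the exploit-db entry. It execs `cat /proc/self/maps` several times, once with the stack limit left alone and once with the soft limit raised to the hard limit (the `ulimit -s unlimited` trick), and counts how many distinct libc base addresses the children received. A single repeated address across several fresh execs means the legacy layout was chosen and its base was not randomized. The `/bin/cat` path, the `libc.so` name, and the constructed maps excerpt used by the self-check are assumptions; the program is Linux-only.

```c
/*
 * Added example (not from the advisory, the kernel, or exploit-db): a local
 * check for the CVE-2016-3672 condition. Assumes Linux, /bin/cat, and that the
 * child's C library is mapped from a path containing "libc.so".
 */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed /proc/<pid>/maps excerpt (i386-style addresses), used only by the self-check. */
static const char SAMPLE_MAPS[] =
    "08048000-08053000 r-xp 00000000 08:01 1 /bin/cat\n"
    "b7e1a000-b7fc0000 r-xp 00000000 08:01 2 /lib/i386-linux-gnu/libc.so.6\n"
    "bffdf000-c0000000 rw-p 00000000 00:00 0 [stack]\n";

/* Start address of the first mapping whose line contains `lib`, or 0 if none. */
static uintptr_t parse_lib_base(const char *maps, const char *lib)
{
    char line[4096];
    const char *p = maps;

    while (*p) {
        const char *eol = strchr(p, '\n');
        size_t len = eol ? (size_t)(eol - p) : strlen(p);

        if (len >= sizeof line)
            len = sizeof line - 1;
        memcpy(line, p, len);
        line[len] = '\0';

        /* Each line starts "start-end perms ..."; strtoull stops at the '-'. */
        if (strstr(line, lib))
            return (uintptr_t)strtoull(line, NULL, 16);
        if (!eol)
            break;
        p = eol + 1;
    }
    return 0;
}

/* Number of distinct values in v[0..n). */
static size_t count_distinct(const uintptr_t *v, size_t n)
{
    size_t distinct = 0;
    for (size_t i = 0; i < n; i++) {
        size_t j;
        for (j = 0; j < i && v[j] != v[i]; j++)
            ;
        if (j == i)
            distinct++;
    }
    return distinct;
}

/* Exec `cat /proc/self/maps` in a child, optionally after raising the stack
 * soft limit to the hard limit (RLIM_INFINITY on most systems), and return the
 * base of `lib` in that freshly exec'd child, or 0 if it could not be read. */
static uintptr_t lib_base_after_exec(const char *lib, int unlimited_stack)
{
    int fd[2];
    char maps[1 << 16];
    size_t used = 0;
    ssize_t n;
    int status;
    pid_t pid;

    if (pipe(fd) != 0)
        return 0;
    pid = fork();
    if (pid < 0)
        return 0;
    if (pid == 0) {
        if (unlimited_stack) {
            struct rlimit rl;
            if (getrlimit(RLIMIT_STACK, &rl) == 0) {
                rl.rlim_cur = rl.rlim_max;   /* same effect as `ulimit -s unlimited` */
                setrlimit(RLIMIT_STACK, &rl);
            }
        }
        dup2(fd[1], STDOUT_FILENO);
        close(fd[0]);
        close(fd[1]);
        execl("/bin/cat", "cat", "/proc/self/maps", (char *)NULL);
        _exit(127);
    }
    close(fd[1]);
    while ((n = read(fd[0], maps + used, sizeof maps - 1 - used)) > 0)
        used += (size_t)n;
    maps[used] = '\0';
    close(fd[0]);
    waitpid(pid, &status, 0);
    return parse_lib_base(maps, lib);
}

/* Sample `runs` exec'd children; returns the number of distinct bases seen,
 * or 0 if any child could not be sampled. */
static size_t distinct_bases(const char *lib, int unlimited_stack, size_t runs)
{
    uintptr_t bases[16];
    if (runs > 16)
        runs = 16;
    for (size_t i = 0; i < runs; i++) {
        bases[i] = lib_base_after_exec(lib, unlimited_stack);
        if (bases[i] == 0)
            return 0;
    }
    return count_distinct(bases, runs);
}

static const char *verdict(size_t distinct, size_t runs)
{
    if (distinct == 0 || runs < 2)
        return "could not sample";
    if (distinct == 1)
        return "FIXED base: library not randomized (CVE-2016-3672 pattern)";
    return "randomized";
}

/* Parser self-check against the constructed excerpt; returns 1 on success. */
static int selftest(void)
{
    uintptr_t v[4] = { 1, 2, 1, 3 };
    return parse_lib_base(SAMPLE_MAPS, "libc.so") == (uintptr_t)0xb7e1a000
        && parse_lib_base(SAMPLE_MAPS, "libm.so") == 0
        && count_distinct(v, 4) == 3;
}

int main(void)
{
    const size_t runs = 8;
    if (!selftest()) {
        fputs("self-check failed\n", stderr);
        return 1;
    }
    printf("default stack limit : %s\n", verdict(distinct_bases("libc.so", 0, runs), runs));
    printf("unlimited stack     : %s\n", verdict(distinct_bases("libc.so", 1, runs), runs));
    return 0;
}
```

Two caveats when reading the result. On a 64-bit host the native `cat` is a 64-bit process, whose legacy base already carried a random offset before the fix, so the pre-fix condition only shows with a 32-bit `cat` (or on an i386 kernel). And the child can only raise its soft limit as far as the hard limit allows; if the hard stack limit is finite the "unlimited" run does not exercise the legacy layout at all, which is itself a reasonable hardening on systems that cannot be patched.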

Published : 2016-04-27 17:59 Updated : 2018-10-09 19:59

CVSS Score: 4.6 / 10
Vendor Product Version URI
Canonical Ubuntu Linux 12.04 cpe:/o:canonical:ubuntu_linux:12.04::~~lts~~~
Canonical Ubuntu Linux 15.10 cpe:/o:canonical:ubuntu_linux:15.10
Novell Suse Linux Enterprise Server 12.0 cpe:/o:novell:suse_linux_enterprise_server:12.0
Linux Linux Kernel 4.5.2 cpe:/o:linux:linux_kernel:4.5.2
Novell Suse Linux Enterprise Real Time Extension 12.0 cpe:/o:novell:suse_linux_enterprise_real_time_extension:12.0:sp1
Canonical Ubuntu Linux 14.04 cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~
Novell Suse Linux Enterprise Live Patching 12.0 cpe:/o:novell:suse_linux_enterprise_live_patching:12.0
Novell Suse Linux Enterprise Desktop 12.0 cpe:/o:novell:suse_linux_enterprise_desktop:12.0
Novell Suse Linux Enterprise Workstation Extension 12.0 cpe:/o:novell:suse_linux_enterprise_workstation_extension:12.0
Novell Suse Linux Enterprise Software Development Kit 12.0 cpe:/o:novell:suse_linux_enterprise_software_development_kit:12.0
Novell Suse Linux Enterprise Module For Public Cloud 12.0 cpe:/o:novell:suse_linux_enterprise_module_for_public_cloud:12.0

CWE

ID Name Description Links
CWE-254 Security Features Software security is not security software. Here we're concerned with topics like authentication, access control, confidentiality, cryptography, and privilege management. CVE

References

Source Link
REDHAT https://access.redhat.com/errata/RHSA-2018:1062
REDHAT https://access.redhat.com/errata/RHSA-2018:0676
BUGTRAQ http://www.securityfocus.com/archive/1/537996/100/0/threaded
CONFIRM http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8b8addf891de8a00e4d39fc32f93f7c5eb8feceb
MISC http://hmarco.org/bugs/CVE-2016-3672-Unlimiting-the-stack-not-longer-disables-ASLR.html
FEDORA http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182524.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html
FULLDISC http://seclists.org/fulldisclosure/2016/Apr/26
DEBIAN http://www.debian.org/security/2016/dsa-3607
BID http://www.securityfocus.com/bid/85884
SECTRACK http://www.securitytracker.com/id/1035506
UBUNTU http://www.ubuntu.com/usn/USN-2989-1
UBUNTU http://www.ubuntu.com/usn/USN-2996-1
UBUNTU http://www.ubuntu.com/usn/USN-2997-1
UBUNTU http://www.ubuntu.com/usn/USN-2998-1
UBUNTU http://www.ubuntu.com/usn/USN-3000-1
UBUNTU http://www.ubuntu.com/usn/USN-3001-1
UBUNTU http://www.ubuntu.com/usn/USN-3002-1
UBUNTU http://www.ubuntu.com/usn/USN-3003-1
UBUNTU http://www.ubuntu.com/usn/USN-3004-1
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1324749
CONFIRM https://github.com/torvalds/linux/commit/8b8addf891de8a00e4d39fc32f93f7c5eb8feceb
EXPLOIT-DB https://www.exploit-db.com/exploits/39669/