H3C Security Vulnerability-Linux Kernel Stack Clash-CVE-2017-1000364
04-02-2021
【Summary】
The vulnerability is caused by a stack clash in operating system memory management. It affects Linux, FreeBSD, OpenBSD, NetBSD and Solaris on i386 and AMD64, and attackers can exploit it to corrupt memory and execute arbitrary code.
【Impact】
An attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on the process stack or the adjacent memory region, and thus escalate their privileges on the system.
【Software Versions and Fixes】
Product Name | Affected Version | Resolved Product and Version |
Wireless AC/AP | All | Upgrade to CMW710-R5224 |
SR88x/CR16K | All | TBC before Oct 31, 2018 |
CR19000/CR16000-X | All | TBC before Oct 31, 2018 |
H3Cloud OS | All | Upgrade to CloudOS E1138H02 |
vBRAS | All | Upgrade to CMW710-E0519 |
vLNS | All | Upgrade to CMW710-E0519 |
【Temporary Fix】
None
【Revision History】
2018-08-24 V1.0 INITIAL
H3C advocates that every effort be made to safeguard the ultimate interests of product users, to abide by the principles of responsible disclosure of security incidents, and to handle product security issues in accordance with its security issue handling mechanisms. For information on H3C's security emergency response service and H3C product vulnerabilities, please visit https://www.h3c.com/en/Support/Online_Help/psirt/.