CVE-2016-3672
CVE-2016-3672
The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits.
Affected products
n/a · n/apublic PoCs found — 2
cve_referencewww.exploit-db.com/exploits/39669/unverifiedexploitdbwww.exploit-db.com/exploits/39669unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8b8addf891de8a00e4d39fc32f93f7c5eb8fecebhttp://hmarco.org/bugs/CVE-2016-3672-Unlimiting-the-stack-not-longer-dishttp://hmarco.org/bugs/CVE-2016-3672-Unlimiting-the-stack-not-longer-disables-ASLR.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2016-April/182524.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.htmlhttps://access.redhat.com/errata/RHSA-2018:0676https://access.redhat.com/errata/RHSA-2018:1062https://bugzilla.redhat.com/show_bug.cgi?id=1324749