CVE-2017-1000364

HIGH

Linux Kernel <4.11.5 - Memory Corruption

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-1000364. PoCs published by Metasploit.

AI-analyzed exploit summary: This Metasploit module exploits the Stack Clash vulnerability (CVE-2017-3630) in Solaris RSH to achieve local privilege escalation by uploading and executing Qualys' Solaris_rsh.c exploit, which bypasses the stack guard page to create a SUID root shell.

Description

An issue was discovered in the size of the stack guard page on Linux: a 4k stack guard page is not sufficiently large and can be "jumped" over, bypassing the stack guard page. This affects Linux Kernel versions 4.11.5 and earlier (the stack guard page was introduced in 2010).

Exploits (1)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · local · solaris
https://www.exploit-db.com/exploits/45625

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: Oracle Solaris 11.1 and 11.3 (x86)
No auth needed
Prerequisites: gcc installed · RSH binary setuid · writable directory
devstral-2 · analyzed Feb 16, 2026

References (25)

Core References
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:1491
Third Party Advisory, VDB Entry x_refsource_confirm
https://access.redhat.com/security/cve/CVE-2017-1000364
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:1486
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:1489
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:1490
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/45625/
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:1482
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:1647
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:1616
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:1712
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:1483
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:1487
Issue Tracking, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/99130
Third Party Advisory x_refsource_confirm
https://www.suse.com/support/kb/doc/?id=7020973
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:1567
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:1484
Third Party Advisory x_refsource_confirm
https://www.suse.com/security/cve/CVE-2017-1000364/
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2017/dsa-3886
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1038724
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:1485
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:1488

Scores

CVSS v3 7.4
EPSS 0.0309
EPSS Percentile 87.1%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-119
Status published
Products (1)
linux/linux_kernel < 4.11.5
Published Jun 19, 2017
Tracked Since Feb 18, 2026