I have kernel version 2.6.32-279. In order to fix the stack clash vulnerability (CVE-2017-1000364), I have backported the patch from kernel-2.6.32-696 to 2.6.32-279. Also, the glibc package was upgraded to 2.12-1.209.el6.1_1alcy.i686.rpm. When a Qualys Guard vulnerability scan was done, it reports that CVE-2017-1000364 is not solved and the vulnerability exists.
From the link "How does vulnerability scanning work?", I read: "The scanner first tries to check the version of the service in order to detect only vulnerabilities applicable to this specific service version. Every vulnerability detection is non-intrusive, meaning that the scanner never exploits a vulnerability if it could negatively affect the host in any way."
Does it mean that until I upgrade to a kernel version where the vulnerability is officially fixed, Qualys Guard will continue to report that this vulnerability exists?
Any suggestions/clarifications to resolve this will be appreciated.
Qualys will report the vulnerability as long as you don't have the official fixed version of the kernel implemented. You also need to take care whether you have additional programs in use on the machine that are vulnerable to the same vulnerability.
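The version-only check described in the quoted scanner documentation, sketched as an added example (not part of the original posts and not Qualys code): a simplified RPM version comparison shows why a locally patched 2.6.32-279 build is still flagged, and how changelog text can document the backport. Assumptions: `2.6.32-696`, the release named in the question as the patch source, stands in for whatever release the scanner treats as fixed; the custom release string and changelog text are constructed, and the changelog would normally come from `rpm -q --changelog kernel`.

```python
import re

def rpmvercmp(a: str, b: str) -> int:
    """Simplified RPM segment comparison (-1, 0, 1); no '~' or '^' handling."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment sorts newer than alphabetic
        elif x != y:
            return 1 if x > y else -1
    if len(sa) == len(sb):
        return 0
    return 1 if len(sa) > len(sb) else -1

def evr_cmp(a: str, b: str) -> int:
    """Compare two 'version-release' strings, version first, then release."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

# Assumption: stand-in threshold taken from the question, not from the scanner.
ASSUMED_FIXED = "2.6.32-696"

def version_only_finding(installed: str) -> bool:
    """True when a version-only check would report the host as vulnerable."""
    return evr_cmp(installed, ASSUMED_FIXED) < 0

def triage(installed: str, changelog: str, cve: str) -> str:
    """Pair the version-only result with backport evidence from the changelog."""
    if not version_only_finding(installed):
        return "not flagged"
    if cve in changelog:
        return "flagged by version; backport documented in changelog"
    return "flagged by version; no backport evidence"

# Constructed sample changelog for a locally rebuilt kernel package.
SAMPLE_CHANGELOG = (
    "* Mon Jul 03 2017 local build <builder@example.invalid>\n"
    "- [mm] backport stack guard gap fix {CVE-2017-1000364}\n"
)

if __name__ == "__main__":
    print(triage("2.6.32-279.custom1", SAMPLE_CHANGELOG, "CVE-2017-1000364"))
```
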