Serious Stack Clash Bug Affects Linux Systems

By

Linux vendors have fixed the bug and the patch is already available.

Security researchers at Qualys have discovered an old vulnerability in Linux systems that can be exploited executing arbitrary code on system.

The flaw is related to the way the computer uses the stack (a special memory region). As the programs need more memory, this region grows and can come close to another stack. This vicinity may confuse the program with other memory regions.

“An attacker could use this flaw to jump over the stack guard page, causing controlled memory corruption on the process stack or the adjacent memory region, thus increasing their privileges on the system,” Red Hat explained in a security advisory.

The vulnerability has been christened Stack Clash and assigned CVE-2017-1000364 for the Linux kernel and CVE-2017-1000366 for glibc. 

Ironically this jump is not a new problem, it has been around for more than a decade now and was exploited earlier in 2005 and 2010. Linux fixed the issue by adding a protection called stack guard-page after the 2010 exploit.

“Access to the stack guard page triggers a trap, so it serves as a divider between a stack memory region and other memory regions in the process address space so that sequential stack access cannot be fluently transformed into access to another memory region adjacent to the stack (and vice versa),” wrote Red Hat.

However, Qualys discovered that despite stack guard-page protection stack clashes are still exploitable.

Qualys worked closely with Linux vendors to develop patches. The company also managed to develop seven exploits and seven proofs of concept for this weakness to help write patches.

06/20/2017
Serious Stack Clash Bug Affects Linux Systems

Related content

  • CloudStack Up Close
    All the great open source cloud solutions have similar goals, but they all have different histories, different communities, and some subtly different areas of emphasis. We asked CloudStack VP Chip Childers about how Apache CloudStack fits in.
  • CloudStack's Chip Childers

    CloudStack is a versatile cloud alternative that runs in data centers around the world but never seems to get as much press as the ever-popular OpenStack. We talked with CloudStack VP Chip Childers on the state of the CloudStack project and the road into the cloud.

  • NFS and CIFS shares for VMs with OpenStack Manila
    The OpenStack Cinder module is responsible for block storage, but it doesn't know what to do with popular shared filesystems. Now with the Manila module, you can manage and use NFS and CIFS as resources.
  • Exploring Apache CloudStack
    Apache's CloudStack offers flexibility and some powerful networking features.
  • The new OpenStack version 2014.1 alias "Icehouse"
    The new OpenStack version "Icehouse" comes with new features and new components, on top of numerous improvements to existing components.
comments powered by Disqus