Serious Stack Clash Bug Affects Linux Systems
Security researchers at Qualys have discovered an old vulnerability in Linux systems that can be exploited to execute arbitrary code on the system.
The flaw is related to the way the computer uses the stack (a special memory region). As a program needs more memory, this region grows and can end up close to another stack. When the two are that close, the program may confuse its stack with other memory regions.
“An attacker could use this flaw to jump over the stack guard page, causing controlled memory corruption on the process stack or the adjacent memory region, thus increasing their privileges on the system,” Red Hat explained in a security advisory.
The vulnerability has been christened Stack Clash and assigned CVE-2017-1000364 for the Linux kernel and CVE-2017-1000366 for glibc.
Ironically, this is not a new problem: it has been around for more than a decade and was exploited in 2005 and 2010. After the 2010 exploit, Linux addressed the issue by adding a protection called the stack guard page.
“Access to the stack guard page triggers a trap, so it serves as a divider between a stack memory region and other memory regions in the process address space so that sequential stack access cannot be fluently transformed into access to another memory region adjacent to the stack (and vice versa),” wrote Red Hat.
However, Qualys discovered that, despite the stack guard-page protection, stack clashes are still exploitable.
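The divider idea from the Red Hat quote, and why a single guard page is a thin one, can be reproduced in user space without touching the real process stack. The following is an added example written for this article (not Qualys's or Red Hat's code): it builds a constructed layout of a writable region, a PROT_NONE guard, and a neighbouring writable page, then checks whether a write just past the region end is trapped. A byte-by-byte write into a one-page guard faults, a write that strides a whole page lands silently in the neighbour, and a larger gap (256 pages, which from my own knowledge is the 1 MiB `stack_guard_gap` default that fixed kernels later adopted, not a figure from the article) catches that same stride. It assumes a Linux or other POSIX system with `mmap`, `mprotect` and `sigaction`.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

static sigjmp_buf fault_jmp;

/* SIGSEGV handler: touching a PROT_NONE guard page lands here. */
static void on_segv(int sig) { (void)sig; siglongjmp(fault_jmp, 1); }

/* Constructed layout mimicking a stack that has grown up to another mapping:
 *   [ `pages` writable pages ][ `guard_pages` PROT_NONE pages ][ 1 writable page ]
 * Writes one byte `off` bytes past the end of the first region and reports
 * 1 if the guard trapped it, 0 if it landed silently in the neighbouring page
 * (the clash), or -1 on setup failure. */
int write_is_caught(size_t pages, size_t guard_pages, size_t off) {
    size_t ps = (size_t)sysconf(_SC_PAGESIZE);
    size_t total = (pages + guard_pages + 1) * ps;
    if (off >= (guard_pages + 1) * ps) return -1; /* would leave the layout */
    volatile unsigned char *base = mmap(NULL, total, PROT_READ | PROT_WRITE,
                                        MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED) return -1;
    /* The divider: make the guard pages inaccessible. */
    if (mprotect((void *)(base + pages * ps), guard_pages * ps, PROT_NONE) != 0) {
        munmap((void *)base, total);
        return -1;
    }
    struct sigaction sa = { .sa_handler = on_segv }, old;
    sigaction(SIGSEGV, &sa, &old);
    volatile int caught = 1;               /* stays 1 if the write faults */
    if (sigsetjmp(fault_jmp, 1) == 0) {
        base[pages * ps + off] = 0x41;     /* one step of "stack growth" */
        caught = 0;
    }
    sigaction(SIGSEGV, &old, NULL);
    munmap((void *)base, total);
    return caught;
}

int main(void) {
    size_t ps = (size_t)sysconf(_SC_PAGESIZE);
    printf("1-page guard, next byte       : caught=%d\n", write_is_caught(1, 1, 0));
    printf("1-page guard, stride of 1 page: caught=%d\n", write_is_caught(1, 1, ps));
    printf("256-page guard, same stride   : caught=%d\n", write_is_caught(1, 256, ps));
    return 0;
}
```

The third case is the defensive lesson: a guard has to be wider than the largest single step a program can take, which is why the fix combined a bigger gap with compilers probing the stack page by page.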
Qualys worked closely with Linux vendors to develop patches. The company also managed to develop seven exploits and seven proofs of concept for this weakness to help write patches.