Serious Stack Clash Bug Affects Linux Systems

Linux vendors have fixed the bug and the patch is already available.

Security researchers at Qualys have discovered an old vulnerability in Linux systems that can be exploited to execute arbitrary code on the system.

The flaw is related to the way the computer uses the stack, a special memory region. As a program needs more memory, this region grows and can come close to another stack or memory region; this proximity can cause the program to confuse the stack with other memory regions.

“An attacker could use this flaw to jump over the stack guard page, causing controlled memory corruption on the process stack or the adjacent memory region, thus increasing their privileges on the system,” Red Hat explained in a security advisory.

The vulnerability has been christened Stack Clash and assigned CVE-2017-1000364 for the Linux kernel and CVE-2017-1000366 for glibc.

Ironically, this jump over the stack boundary is not a new problem; it has been around for more than a decade and was exploited as early as 2005 and again in 2010. Linux addressed the issue by adding a protection called the stack guard page after the 2010 exploit.

“Access to the stack guard page triggers a trap, so it serves as a divider between a stack memory region and other memory regions in the process address space so that sequential stack access cannot be fluently transformed into access to another memory region adjacent to the stack (and vice versa),” wrote Red Hat.

However, Qualys discovered that, despite the stack guard-page protection, stack clashes are still exploitable.

Qualys worked closely with Linux vendors to develop patches. The company also managed to develop seven exploits and seven proofs of concept for this weakness to help write patches.
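As an added example that is not taken from the article or from the Qualys or Red Hat material: the kernel-side fix for CVE-2017-1000364 replaced the single guard page with a much larger stack_guard_gap (256 pages, 1 MiB, by default) that mmap placement also respects, so one way to audit a Linux host is to ask mmap for a page just below the stack and see whether the kernel keeps it away. The 1 MiB expectation, the 64 KiB probe distance and the small /proc maps parser are this example's own assumptions.

```c
/* Added example, not from the article: check whether the running Linux kernel
 * enforces the enlarged stack guard gap introduced by the CVE-2017-1000364 fix.
 * Assumes x86-64 style layout (mmap area below the stack) and the post-fix
 * default stack_guard_gap of 256 pages (1 MiB). */
#define _DEFAULT_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>
#define EXPECTED_GAP (1024UL * 1024UL)   /* assumed post-fix default gap */
/* Start address of the "[stack]" line in a /proc/<pid>/maps listing, 0 if absent. */
uintptr_t stack_start_from_maps(const char *maps) {
    for (const char *line = maps; line && *line;) {
        const char *nl = strchr(line, '\n');
        size_t len = nl ? (size_t)(nl - line) : strlen(line);
        if (len >= 7 && memcmp(line + len - 7, "[stack]", 7) == 0)
            return (uintptr_t)strtoull(line, NULL, 16);
        line = nl ? nl + 1 : NULL;
    }
    return 0;
}
/* Request one page at a hint `want` bytes below the stack and report how far below
 * it really landed: a fixed kernel rejects hints inside stack_guard_gap and picks
 * another address (>= 1 MiB); an unfixed one honours the hint (== want). 0 = error. */
uintptr_t measured_gap_below_stack(uintptr_t want) {
    static char buf[1 << 20];
    FILE *f = fopen("/proc/self/maps", "r");
    if (!f) return 0;
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f); buf[n] = '\0';
    uintptr_t stack = stack_start_from_maps(buf);
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    if (!stack) return 0;
    void *hint = (void *)((stack - want) & ~(uintptr_t)(page - 1));
    void *p = mmap(hint, page, PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return 0;
    uintptr_t gap = (uintptr_t)p < stack ? stack - (uintptr_t)p : UINTPTR_MAX; /* MAX: landed above */
    munmap(p, page);
    return gap;
}
int main(void) {
    uintptr_t gap = measured_gap_below_stack(64 * 1024);   /* probe 64 KiB below the stack */
    if (!gap) { perror("probe"); return 1; }
    printf("nearest mapping allowed below the stack: %lu KiB -> %s\n", (unsigned long)(gap / 1024),
           gap >= EXPECTED_GAP ? "enlarged guard gap present" : "guard gap too small");
    return 0;
}
```

On an unfixed kernel the probe lands exactly 64 KiB below the stack; on a fixed kernel it is pushed down into the regular mmap area, far more than 1 MiB away.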

06/20/2017