Patch Management

Stack Clash exploits spotted in Linux, OpenBSD, NetBSD, FreeBSD and Solaris

June 19, 2017

Qualys researchers spotted a Stack Clash vulnerability in several operating systems which can be exploited by attackers to corrupt memory and execute arbitrary code.

Researchers developed seven proof of concept exploits that affect Linux, OpenBSD, NetBSD, FreeBSD and Solaris, on i386 and amd64, according to a June 19 blog post. It's possible other untested operating systems and architectures are also vulnerable to the exploits but have not yet been tested.

“An attacker who has any kind of access to an affected system can exploit the Stack Clash vulnerability and obtain full root privileges,” the post said.

The primary vulnerability, CVE-2017-1000364, demonstrates that a stack guard-page of a few kilobytes is insufficient. It's unclear if the vulnerabilities can be exploited remotely however, researchers didn't rule out the possibility but said local exploitation will always be easier and remote exploitation will be very application-specific.

The bugs have since been disclosed and users are encouraged to update their systems as soon as possible. 

prestitial ad