"Stack Clash" Privilege Escalation Bug in Unix Operating Systems

Patch your systems

     
11:41 am on Jun 21, 2017 (gmt 0)

engine, Administrator from GB


Security vulnerabilities have been discovered in a range of *nix-based operating systems, and Linux, OpenBSD and FreeBSD are all vulnerable.
It's a known vulnerability going back to 2005, but, despite various protections added to help stop this, the vulnerability is still proven, and, clearly, it's felt that it's worthwhile patching the systems now.
Administrators should patch their systems as soon as possible as the new patches are released. The best bet is to contact the developer and look out for a security advisory or a patch.

Such local privilege escalation vulnerabilities can also pose a serious threat to server host providers because one customer can exploit the flaw to gain control over other customer processes running on the same server. Qualys said it's also possible that Stack Clash could be exploited in a way that allows it to remotely execute code directly.

"This is a fairly straightforward way to get root after you've already gotten some sort of user-level access," Jimmy Graham, director of product management at Qualys, told Ars. The attack works by causing a region of computer memory known as the stack to collide into separate memory regions that store unrelated code or data. "The concept isn't new, but this specific exploit is definitely new."

"Stack Clash" Privilege Escalation Bug in Unix Operating Systems [arstechnica.com]

1:44 pm on June 21, 2017 (gmt 0)

Senior Member from CA 



I recommend reading - and following links for further reading - The Stack Clash [blog.qualys.com] (it is linked to in the Ars Technica article above, but a direct link is always useful), especially the Stack Clash security advisory [qualys.com] for the full technical details.

6:35 pm on June 22, 2017 (gmt 0)

ergophobe, Moderator


From the article linked by iamlost:

as of this writing on June 19, 2017, we do not know of any remotely exploitable application. However, remote exploitation of the Stack Clash is not excluded; although local exploitation will always be easier, and remote exploitation will be very application-specific. The one remote application that we did investigate (the Exim mail server) turned out to be unexploitable by sheer luck.


Not to minimize the impact, and surely people are looking for exploitable applications like crazy right now, but...

12:37 pm on June 23, 2017 (gmt 0)

Senior Member from GB 



A remote hole + a local privilege escalation = a remote root hole.

A problem for things like shared hosting, where this might be exploited by a malicious user who has legitimate access OR by a remote attacker who finds a hole in something a user has deployed.