Stack Clash Vulnerability – Jun 19, 2017 – 15:30 PT

Stack Clash is a vulnerability in the memory management of Unix-based operating systems. Attackers exploit it by making the stack clash with another memory region in the system, which corrupts memory and lets them execute arbitrary code. These exploits are local privilege escalations: the attacker exploits the Stack Clash vulnerability to obtain full root privileges.

Severity

  • Critical

CVE

  • CVE-2017-1000364
  • CVE-2017-1000365
  • CVE-2017-1000367

Impacted Operating Systems

  • Several Unix-based operating systems including:
    • Linux
    • OpenBSD
    • NetBSD
    • FreeBSD
    • Solaris on i386 and amd64

Recommended Actions

Please apply the latest updates and patches immediately if you are an administrator of a multi-user Linux/BSD system.  Other systems can be patched on the monthly cycle.

More Information

https://blog.qualys.com/securitylabs/2017/06/19/the-stack-clash

https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt