Stack Clash Vulnerability
Stack Clash is a vulnerability that affects the memory management of Unix-based operating systems. Attackers exploit it by making the stack clash with another memory region in the system, which corrupts memory and allows them to execute arbitrary code. These exploits are local privilege escalations: an attacker who exploits the Stack Clash vulnerability can obtain full root privileges.
Severity
- Critical
CVE
- CVE-2017-1000364
- CVE-2017-1000365
- CVE-2017-1000367
Impacted Operating Systems
- Several Unix-based operating systems, including:
- Linux
- OpenBSD
- NetBSD
- FreeBSD
- Solaris on i386 and amd64
Recommended Actions
Please apply the latest updates and patches immediately if you are an administrator of a multi-user Linux/BSD system. Other systems can be patched on the monthly cycle.
More Information
https://blog.qualys.com/securitylabs/2017/06/19/the-stack-clash
https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt