
Submission: Stack Clash Linux Flaw Enables Root Access; Patch Now (threatpost.com)

msm1267 writes: Linux, BSD, Solaris and other open source systems are vulnerable to a local privilege escalation vulnerability known as Stack Clash that allows an attacker to execute code at root.

Major Linux and open source distributors have made patches available today, and systems running Linux, OpenBSD, NetBSD, FreeBSD or Solaris on i386 or amd64 hardware should be updated soon.

The risk presented by this flaw, CVE-2017-1000364, becomes elevated especially if attackers are already present on a vulnerable system. They would now be able to chain this vulnerability with other critical issues, including the recently addressed Sudo vulnerability, and then run arbitrary code with the highest privileges, said researchers at Qualys who discovered the vulnerability.

The vulnerability was found in the stack, a memory management region on these systems. The attack bypasses the Stack guard-page mitigation introduced in Linux in 2010 after attacks in 2005 and 2010 targeted the stack.
