
Stack Clash bug could give root privileges to attackers on Unix, Linux systems (Help Net Security)
2017-06-20 21:37

Qualys researchers have unearthed a serious privilege escalation bug affecting a wide variety of Unix and Unix-based operating systems, and have been working with vendors to develop patches since May. As the patches have been pushed out, Qualys went public with the information and urged users to implement them as soon as possible.

The vulnerability (CVE-2017-1000364)

The vulnerability has been dubbed Stack Clash, because it is triggered when the attacker forces an application’s stack to …


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/QtVIFBjpcnU/

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-06-19 | CVE-2017-1000364 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel | 6.2 |

An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this affects Linux Kernel versions 4.11.5 and earlier (the stackguard page was introduced in 2010).

local, high complexity, linux, CWE-119

Related vendor

| VENDOR | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|---|---|---|---|---|---|---|
| Linux | 17 | 384 | 2365 | 1508 | 667 | 4924 |
| Unix | 1 | 1 | 18 | 6 | 11 | 36 |