Stack Clash Vulnerability in Linux, BSD Systems Enables Root Access

itman · Jun 19, 2017

Linux, BSD, Solaris and other open source systems are vulnerable to a local privilege escalation vulnerability known as Stack Clash that allows an attacker to execute code at root.

Major Linux and open source distributors have made patches available today, and systems running Linux, OpenBSD, NetBSD, FreeBSD or Solaris on i386 or amd64 hardware should be updated soon.

The risk presented by this flaw, CVE-2017-1000364, becomes elevated especially if attackers are already present on a vulnerable system.
Click to expand...

https://threatpost.com/stack-clash-vulnerability-in-linux-bsd-systems-enables-root-access/126355/

itman · Jun 19, 2017

I want to write my own Stack Clash exploit, where do I start?
You should try to implement the local-root exploit against Exim on i386 Debian: it is by far the easiest and most representative Stack Clash exploit.

Is the Sudo vulnerability Qualys published on May 30 related to Stack Clash?
https://www.qualys.com/2017/06/14/cve-2017-1000367/cve-2017-1000367.txt https://www.qualys.com/2017/06/14/cve-2017-1000367/linux_sudo_cve-2017-1000367.c

If CVE-2017-1000367 is combined with the Stack Clash, any local user (not just Sudoers) can exploit Sudo to obtain full root privileges on any vulnerable Linux system (not just SELinux systems). Because CVE-2017-1000367 was exploitable independently of the Stack Clash, we (and the affected vendors) decided to not wait for the June 19 Coordinated Release Date and published it on May 30.
Click to expand...

https://blog.qualys.com/securitylabs/2017/06/19/the-stack-clash

lotuseclat79 · Jun 20, 2017

Serious privilege escalation bug in Unix OSes imperils servers everywhere

“Stack Clash” poses threat to Linux, FreeBSD, OpenBSD, and other OSes.
Click to expand...

-- Tom

NormanF · Jun 20, 2017

Debian is not affected by the sudo vulnerability because sudo is not installed by default.

Ubuntu on the other hand does run sudo.

SuperSapien · Jun 21, 2017

I first read about it hear: https://www.bleepingcomputer.com/ne...nts-root-access-on-linux-and-other-unix-oses/
BTW would Firejail provide any protection from this exploit?

ronjor · Jun 21, 2017

'Stack Clash' Smashed - Security Fix in Linux

Kelly Jackson Higgins 6/21/2017
Linux, OpenBSD, Free BSD, Solaris security updates available to thwart newly discovered attack by researchers.
Click to expand...

summerheat · Jun 22, 2017

SuperSapien said: ↑

I first read about it hear: https://www.bleepingcomputer.com/ne...nts-root-access-on-linux-and-other-unix-oses/
BTW would Firejail provide any protection from this exploit?
Click to expand...

I think so. First, sudo and su (and other important stuff) are blacklisted in disable-common.inc. Second, seccomp and nonewprivs should prevent privilege escalation. Third, many profiles (e.g. for Firefox) contain noexec ${HOME} and noexec /tmp which means that those folders are mounted noexec, nodev and nosuid so execution of malware should be blocked in the first place.

Log in or Sign up

Stack Clash Vulnerability in Linux, BSD Systems Enables Root Access

itman Registered Member

itman Registered Member

lotuseclat79 Registered Member

NormanF Registered Member

SuperSapien Registered Member

ronjor Global Moderator

summerheat Registered Member

Log in or Sign up

Stack Clash Vulnerability in Linux, BSD Systems Enables Root Access

itman Registered Member

itman Registered Member

lotuseclat79 Registered Member

NormanF Registered Member

SuperSapien Registered Member

ronjor Global Moderator

summerheat Registered Member

Useful Searches