Stack Clash Vunerability Revealed by Qualys

Researchers from Qualys, a renowned security lab have discovered seven vulnerabilities in Linux and Unix memory management systems. The exploitation of these vulnerabilities could give attackers root access, the ability to corrupt memory or execute an arbitrary code that could leave the user completely helpless. Qualys released reports about the vulnerabilities, and the necessary patches to fix them.

In computer architecture, a stack and a heap are part of memory management.

What Is the Stack

The stack is a region of memory where data is added in a LIFO (last-in-first-out) sequence. When a function is called, some of the data is added to the top of the stack and when the function is over, the data moves towards the bottom of the stack. There are other memory regions besides the stack that demand their space and process. However, when a program demands more memory space from a stack, it makes the stack grow large enough to clash with other memory regions. Usually, this other memory region is the heap where memory is dynamically allocated.

How Does the Clash Happen?

The, ‘clash,’ happens when the stack memory clashes with other memory regions causing confusion as programs now don’t know which memory is storing the data. For an attacker, this is an ideal situation to overwrite the stack memory and manipulate the OS for one stack to take code from another.

The stack clash has been a fairly old vulnerability reported in 2005 and 2010 in Linux, OpenBSD, NetBSD, FreeBSD, and Solaris system but was patched with Linux’s stack guard-page intended to prevent the automatic clashing of memory. Recently though, Qualys’ test has proved that the stack-guard still cannot prevent this exploit resulting in a widespread exploitation of the stack clash.

What Did Qualys Report Reveal?

For the stack clash to work, exploiters make use of the primary vulnerability (CVE-2017-1000364) which forces the stack to collide with another memory region causing corruption. At this point, the stack guard-page is supposed to prevent the collision, but researchers proved that it could easily be over-ride through a, ‘jump’ over command and access the memory region.

There around seven such exploits as Qualys reports, ‘Our primary Stack Clash vulnerability is CVE-2017-1000364 and demonstrates that a stack guard-page of a few kilobytes is insufficient. But during our research we discovered more vulnerabilities: some are secondary and directly related to the primary Stack Clash vulnerability (for example, CVE-2017-1000365), and some are exploitable independently (for example, CVE-2017-1000367).’

How Can Users Stay Protected?

Users can ensure they are safe from the exploitation by updating their system. Researchers at the firm said, ‘The easiest and safest way to protect your system is to update it: we have been working with the affected vendors since the beginning of May, and by the time you read this, their patches and updates will be available.’

In case you are wondering where you can read about the exploits, then you will have to wait a while. The firm will only release the notes once users have patched their systems with the new updates.

Vendors

You can also select the patches for your system by following the vendor list here:

SUSE

https://www.novell.com/support/kb/doc.php?id=7020973

Red Hat

https://access.redhat.com/security/vulnerabilities/stackguard

Debian

https://www.debian.org/security/2017/dsa-3886

https://www.debian.org/security/2017/dsa-3887

https://www.debian.org/security/2017/dsa-3888

https://www.debian.org/security/2017/dsa-3889

Ubuntu

https://www.ubuntu.com/usn/

OpenBSD

https://ftp.openbsd.org/pub/OpenBSD/patches/6.1/common/008_exec_subr.patch.sig

Oracle Solaris

http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-3629-3757403.html

Farah tries to keep up with the fast-paced tech world by writing about it. She covers latest tech news and writes informative pieces to help her readers make informed decisions about their tech preferences.
BeepWee