On June 19, 2017, Qualys published details of a security vulnerability now known as Stack Clash. The vulnerability is related to the memory management of Linux and other flavors of Unix. The most common attack vector for this vulnerability is a local attacker; however, a network-enabled service may be vulnerable as well.
How does Stack Clash work?
Operating systems manage memory for the various programs they run. If the memory for a program (colloquially known as a “stack” if managed by the kernel or “heap” if managed by the program) is mismanaged, it can “clash”, “jump” or “smash” another program’s stack. Most Unix flavors have implemented stackguard (or a similar system) in response to CVE-2010-2240.
However, Stack Clash circumvents these memory protections by not accessing memory sequentially, which is the access pattern covered by previous Common Vulnerabilities and Exposures (CVEs). We encourage you to read through the exploits described in the Qualys bulletin; it’s worth the read.
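As an added illustration (not code from Qualys or from Verizon Digital Media Services), the Python sketch below audits a /proc/<pid>/maps listing for the amount of unmapped space directly below the stack and models why a guard region only stops accesses that land inside it. The maps listing, its 4096-byte gap and the function names are constructed for this example.

```python
import re

# Constructed sample in Linux /proc/<pid>/maps format (not from a real host).
SAMPLE_MAPS = """\
00400000-004f4000 r-xp 00000000 08:01 131 /usr/bin/demo
01c2a000-01c4b000 rw-p 00000000 00:00 0 [heap]
7f3a10000000-7f3a10021000 rw-p 00000000 00:00 0
7ffd5a3fe000-7ffd5a3ff000 rw-p 00000000 00:00 0
7ffd5a400000-7ffd5a421000 rw-p 00000000 00:00 0 [stack]
"""

LINE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+)\s+(\S+)\s+\S+\s+\S+\s+\S+\s*(.*)$")

def parse_maps(text):
    """Return (start, end, perms, name) tuples sorted by start address."""
    regions = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            start, end = int(m.group(1), 16), int(m.group(2), 16)
            regions.append((start, end, m.group(3), m.group(4).strip()))
    return sorted(regions)

def stack_gap(regions):
    """Bytes of unmapped space between [stack] and the nearest mapping below it."""
    stack = next((r for r in regions if r[3] == "[stack]"), None)
    if stack is None:
        raise ValueError("no [stack] mapping found")
    ends_below = [r[1] for r in regions if r[1] <= stack[0]]
    if not ends_below:
        return None  # nothing is mapped below the stack
    return stack[0] - max(ends_below)

def guard_catches(gap, step):
    """Model: the stack pointer drops `step` bytes below the lowest stack
    address without touching the memory in between. The access faults only
    if it lands inside the unmapped gap; a larger step lands past it."""
    return 0 < step <= gap

if __name__ == "__main__":
    gap = stack_gap(parse_maps(SAMPLE_MAPS))
    print(f"gap below stack: {gap} bytes")
    for step in (4096, 8192):
        verdict = "faults in the gap" if guard_catches(gap, step) else "lands past the gap"
        print(f"single {step}-byte step: {verdict}")
```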
Who is impacted?
This vulnerability is present in the following types of operating systems: Linux, OpenBSD, NetBSD, FreeBSD and Solaris on i386 or amd64. (Please note that macOS may be vulnerable too.)
Verizon Digital Media Services has taken the necessary steps to mitigate this vulnerability on impacted systems.
What should I do?
If your infrastructure uses the above-mentioned operating systems, then you are likely affected. Most of the affected vendors already have patches available, and we strongly recommend you update your system with the latest patches. Please refer to the list of security advisories by the affected OS vendors below.
Please reach out to your account team or the Verizon Digital Media Services support team at email@example.com or +1(877)334-3236 if you have further questions regarding Stack Clash.
Qualys’s original blog post disclosing the Stack Clash vulnerability: https://blog.qualys.com/securitylabs/2017/06/19/the-stack-clash
Full details on the vulnerability by Qualys: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
Security advisories by OS vendors