The Complete Magazine on Open Source

Stack Clash vulnerabilities hit Linux

Linux suffers from Stack Clash vulnerabilities

Days after WannaCry ransomware, cyber security researchers have identified several vulnerabilities in Linux system that can compromise root processes in Linux. Called Stack Clash, the new flaws are among the major bugs that can be used to corrupt the memory processes.

As spotted by researchers at security firm Qualys, Stack Clash leverage the loopholes that occur due to the memory region in PC RAM known as a stack. The dynamic area increases with the increase in the demand for stack memory. If the dynamic area becomes too big and gets close to another memory region, the program using the stack gets confused. The bug can corrupt the memory processes of Linux, NetBSD, OpenBSD, FreeBSD and Solaris.

An attacker leverages the confusion within the platform to exploit the system and overwrite stack.

Issues from the past

Qualys investigators highlight that similar vulnerabilities were first discovered in 2005 and then in 2010. Linux team had fixed the issues by introducing guard pages following their reporting in the past. However, the stack clashes are so widespread and exploitable that guard-page protection has failed.

“Unfortunately, a stack guard-page of a few kilobytes is insufficient (CVE-2017-1000364): if the stack-pointer “jumps” over the guard-page — if it moves from the stack into another memory region without accessing the guard-page — then no page-fault exception is raised and the stack extends into the other memory region,” the researchers write in a detailed documentation, highlighting the flaws.

The guard-page protection is designed to prevent sequential stack overflow attacks. But the report by Qualys demonstrates a way to jump over the stack guard-page and smash the stack memory into another process. The firm has reported over seven exploits and proof-of-concept codes.

Attackers are using issues codenamed CVE-2017-1000364, CVE-2017-1000365 and CVE-2017-1000367 to exploit the systems using Stack Clash. These exploits can be used for local privilege escalation as well as, to gain full root privileges from low-level applications.

Patches on way

Red Hat has already issued a security advisory for Stack Clash. Other Linux distribution providers are also likely to follow the same procedure.

In the meantime, users and system administrators on Red Hat Enterprise Linux are recommended to update their systems.