Linux, OpenBSD and others hit one after another: Stack Clash privilege-escalation flaw disclosed

June 21, 2017 14:4 | Source: CnBeta.COM

Linux, OpenBSD, NetBSD, FreeBSD and Solaris have been found to contain a very serious memory-conflict flaw that allows an attacker to obtain root privileges and take full control of an affected system. The problem was first discovered by security vendor Qualys, which named it "Stack Clash" because the flaw relies on the stack "clashing" with other memory regions.

Image source: Hacker News

According to the report from Qualys, every program executed on a computer uses a memory stack, a region that grows automatically as the program requires. But if the stack grows so much that it comes too close to another memory region, the program can confuse the two, and an attacker can take advantage of that confusion to overwrite the stack region.

This kind of attack (CVE-2010-2240) had already been discovered during 2005-2010, until Linux introduced the stack guard page, which considerably reduced such attacks. The guard page is a 4 KB memory page mapped next to the current stack. Nevertheless, Qualys built 7 attack programs in its latest tests, proving that this form of protection is completely insufficient.

The main Stack Clash flaw is CVE-2017-1000364, a less important flaw is CVE-2017-1000365, and in addition there is CVE-2017-1000367, which can be exploited independently. The chief research expert at vulnerability intelligence company Risk Based Security said: "The main reason Qualys was able to carry out this kind of attack is that memory stack allocation can be controlled by some non-contiguous means. That means one can jump over the stack guard page and operate on the adjacent memory region."
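The guard-page argument above can be made concrete with a small model. This is an added example, not code from Qualys or from the original article: the address layout and the functions `touch` and `alloc_frame` are constructed for illustration, and the per-page probing case shows a compiler-side mitigation (stack probing) that the article itself does not discuss.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed toy layout (addresses are made up for this example):
 *   below GUARD_LO        another mapping (e.g. heap) directly under the guard
 *   [GUARD_LO, STACK_LO)  one 4 KB guard page; any access to it faults
 *   [STACK_LO, STACK_HI)  the stack, which grows downward
 */
#define PAGE     4096UL
#define GUARD_LO 0x20000UL
#define STACK_LO (GUARD_LO + PAGE)
#define STACK_HI (STACK_LO + 8 * PAGE)

enum outcome { IN_STACK, GUARD_FAULT, CLASH };

/* Classify a single memory access in the toy layout. */
static enum outcome touch(uintptr_t addr) {
    if (addr >= STACK_LO) return IN_STACK;
    if (addr >= GUARD_LO) return GUARD_FAULT; /* process would be stopped here */
    return CLASH;                             /* access lands in the other mapping */
}

/* Model a function prologue that reserves `size` bytes below `sp` and then
 * writes to the lowest byte of the new frame. With probe != 0 it first
 * touches one byte per page on the way down, as stack-probing compilers do. */
enum outcome alloc_frame(uintptr_t sp, unsigned long size, int probe) {
    uintptr_t new_sp = sp - size;
    if (probe) {
        for (uintptr_t p = sp - PAGE; p > new_sp; p -= PAGE) {
            enum outcome o = touch(p);
            if (o != IN_STACK) return o;      /* guard page caught the growth */
        }
    }
    return touch(new_sp);
}

int main(void) {
    static const char *name[] = { "in stack", "guard fault", "clash" };
    uintptr_t sp = STACK_LO + 512;            /* stack almost exhausted */
    printf("1 KB frame:           %s\n", name[alloc_frame(sp, 1024, 0)]);
    printf("8 KB frame, no probe: %s\n", name[alloc_frame(sp, 2 * PAGE, 0)]);
    printf("8 KB frame, probed:   %s\n", name[alloc_frame(sp, 2 * PAGE, 1)]);
    return 0;
}
```

A frame smaller than the guard page is caught, a frame larger than it steps over the guard without ever touching it, and touching every page on the way down restores the fault.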

Many Linux distributors, including Red Hat, Debian, Ubuntu and SUSE, have already fixed this flaw. More detailed information is available from:

SUSE

Red Hat

Debian

Ubuntu

OpenBSD

Oracle Solaris
