'Stack Clash' Linux Flaw Enables Root Access. Patch Now (threatpost.com) 46
msm1267 writes: Linux, BSD, Solaris and other open source systems are vulnerable to a local privilege escalation vulnerability known as Stack Clash that allows an attacker to execute code at root. Major Linux and open source distributors made patches available Monday, and systems running Linux, OpenBSD, NetBSD, FreeBSD or Solaris on i386 or amd64 hardware should be updated soon.
The risk presented by this flaw, CVE-2017-1000364, becomes elevated especially if attackers are already present on a vulnerable system. They would now be able to chain this vulnerability with other critical issues, including the recently addressed Sudo vulnerability, and then run arbitrary code with the highest privileges, said researchers at Qualys who discovered the vulnerability.
Remote exploits are the real problem though. This is not a remote exploit.
How do I actually "upgrade" my Linux. (Score:2)
Sorry if this is a dumb question but I'm pretty sure there's a lot of people with the same question.
I'm comfortable with apt-get but that's just upgrading all the softwares other than the operating system. How do I actually upgrade my OS?
My usage pattern tends to be, do a clean install of linux, install all the packages I need, edit the configuration files as I need them. Then use it till I buy a new computer only upgrading the installed packages. Then I start over. I never have actually pathced my Linu
I'm comfortable with apt-get but that's just upgrading all the softwares other than the operating system. How do I actually upgrade my OS?
My usage pattern tends to be, do a clean install of linux, install all the packages I need, edit the configuration files as I need them. Then use it till I buy a new computer only upgrading the installed packages. Then I start over. I never have actually pathced my Linux or installed an "upgrade". I'm terrified it would break all my packages.
Actually "apt-get upgrade" will also get the latest kernel as well.
The only real difference is that you need to reboot into the new kernel, a step never needed for just upgrading software packages.
That's all you need to do to patch your system against this specific vulnerability.
But if by "OS" you mean "distribution version" instead of "kernel" (IE going from Debian 7 to Debian 8), you first do an "apt-get upgrade" like normal, and afterwards do an "apt-get dist-upgrade"
However you are correct that a dist-u
This being a kernel issue, the kernel package is what gets updated. You use the same apt upgrade command to update linux-image as everything else. You've probably already done so several times without even noticing - aside from the need to reboot afterwards.
Here's the Ubuntu page on the defect, along with instructions if you need them.
https://www.ubuntu.com/usn/usn... [ubuntu.com]
Interesting, makes me wonder (Score:1)
Re: Interesting, makes me wonder (Score:2, Interesting)
It's only on specific processor types, which indicates the flaw is in the chips' instruction set and the OS patch is a mitigation.
It's an ABI flaw, not a instruction set flaw.
The real fix would be in the compiler and recompiling all libraries and binaries.
So yes, the kernel fix is "mitigation", because doing the real thing will take much longer.
Very interesting that the major flavors (Sys V, BSD, and Linux [which I consider a rewrite of Sys V]) are vulnerable. Sounds like a deep seated logic flaw there. Wonder if other vendor specific ones (IRIX, SunOS, Ultrix, AIX, etc) are vulnerable.
I'm actually still wondering if any of the above except Linux actually are vulnerable.
Only the "threatpost.com" article claims so, and of course the copy/pasted slashdot summary.
But the security researchers quoted in that very article explicitly say they discovered this in Linux, and nothing else.
The CVE issued explicitly says Linux kernels from 3.0 to 4.11.5 as well, no CVEs for other kernels or OSes.
Also the vulnerability in Linux only applies to Intel x86 and amd64 architectures, and it has been proven n
requires local access (Score:2)
This exploit still requires local access to a machine, so it's not as bad as people claim. Unless you're giving random people shell access to your server.
You might not be giving random people shell access to your server, but if they've managed to acquire it through some other means (e.g. a compromised acccount or some other form of compromise) this means that they can pretty much be assured of being able to go from there to root until you install the patch. Not as bad as a remote root exploit, but still very nasty and worth the "Patch Now".
To me privilege separation seems like an area where formal verification could be useful, but so far no one cares enough to really work on it.
You'd need to start with a very simple permission system. For example, Android has so many complex, overlapping, and confusing permissions that holes are easy to find without any thought at all [acolyer.org]. Basic Unix has a very simple permission system so you could probably work with that, Windows is probably too c
I think the important thing is that effectively as soon as it was reported, it was fixed and a patch rolled out.
Linux certainly has flaws and vulnerabilities, just like any major OS.
But by and large, they don't get "solved" by hoping no one exploits them. They actually get fixed, more often than not in a timely manner.
First of all (Score:2)
It is called Stack Smashing and OpenBSD is NOT vulnerable to it!
CVE-2017-1000372 and CVE-2017-1000373 are mentioned in the advisory? Broad statements without facts are not helpful. Try again.
Red Hat Linux... (Score:3)
Red Hat sent out a notification on Monday. Nice to see the Slashdot editors catching up on the news this weekend.
https://access.redhat.com/security/cve/cve-2017-1000364 [redhat.com]
Requires poorly-designed software, basically (Score:1)
Sifting through the CVE and the write-up:
The kernel places an unmappable guard page just below the process's maximum-alloted stack space. Normally a process gets allocated only as much stack space as it needs. When the process's stack usage grows, the kernel maps additional pages to grow the process's stack space, but will not grow it beyond the maximum alloted stack size. If the process enters an infinite recursion loop, it'll hit the end of the alloted stack space, and the unmappable guard page segfaults
