Security experts have found a flaw on Unix-based operating systems which let attackers take the access of a vulnerable computer. The vulnerability is called “Stack Clash”. According to Qualys, a security firm that discovered the bug, Stack Clash is a vulnerability in the memory management of Unix-based operating systems and can be exploited to corrupt memory and execute arbitrary code.
According to the website Unix-bases systems such as Linux, OpenBSD, NetBSD, FreeBSD, or Solaris, on i386 or amd64 are affected by the vulnerability and other operating systems and architectures may be vulnerable too.
The company has developed seven exploits and seven proofs of concept for this weakness and released patches and recommended immediate patching of these vulnerabilities. The security experts have advised the Unix-based operating systems administrators to install patches or take other protective actions as soon as possible.
The “Stack Clash” was first exploited in 2005 and again in 2010. Linux introduced a protection against the exploits but the new stacks are widespread and exploitable even after the stack guard-protection. The vulnerability is named “Stack Clash” because the first step in exploiting this vulnerability is to collide, or clash, the stack with another memory region and hence its called as “Stack Clash”.
Each program running on a computer uses a memory region known as “Stack” which grows automatically when the program needs more memory or space. If it expands too much and gets closer to another memory region, the program may confuse the stack memory with the other memory region. This confusion can be exploited by an attacker to change the stack memory or overwrite it with the other data.
No comments:
Post a Comment