Stack Clash: A Decade-Old Unix/Linux/BSD Root Privilege-Escalation Bug Discovered
Security researchers have disclosed a vulnerability, more than a decade old, in several Unix-like operating systems, including Linux, OpenBSD, NetBSD, FreeBSD and Solaris, that a local attacker can exploit to escalate privileges to root, potentially leading to a full system takeover.
Every process has a memory region called the stack, which holds short-lived data such as local variables and return addresses. It grows and shrinks automatically as functions are called and return. On most systems the stack grows downward, toward the heap and other mapped regions such as shared libraries. A program that can be made to consume more stack than is available (through deep recursion, or a single very large local array) can push the stack into a neighbouring memory region, so that the two collide, or clash, and writes to one overwrite the contents of the other.
The technique also defeats the stack guard page, an unmapped page placed below the stack in 2010 after the same class of issue had been exploited in 2005 and again in 2010. The guard page only catches code that actually touches it: a single stack frame larger than the guard (a large local array or alloca() call) moves the stack pointer straight over the page into the adjacent region without ever triggering a fault. Exploiting Stack Clash requires local access to the vulnerable system. According to Qualys researchers, an attacker can also chain it with other critical vulnerabilities, such as the recently patched Sudo vulnerability, to run arbitrary code with the highest privileges.
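The following C program is an added model of that mechanism; it is not Qualys's code, not any vendor's fix, and not from the original article. It does not touch real memory: it lays out a constructed address space (a 64 KiB stack, a guard gap of a chosen number of pages, and a 4 MiB neighbouring mapping directly below, all made-up addresses) and classifies where the first store of a new stack frame lands. An unprobed frame jumps from the old stack pointer straight to the new one; a probed frame touches one word per page on the way, which is what the compiler-side mitigations do. The 256-page case reflects the 1 MiB guard gap the Linux kernel fix introduced, to show that a larger gap alone still only raises the frame size an attacker needs.

```c
/* Model of the Stack Clash guard-page bypass and of stack probing.
 * All addresses and sizes are constructed for the example; no real memory is accessed. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE 4096UL

typedef struct {
    uintptr_t region_lo, region_hi; /* neighbouring mapping below the guard (heap, mmap, shared lib) */
    uintptr_t guard_lo, guard_hi;   /* unmapped guard gap: any access here faults */
    uintptr_t stack_lo, stack_hi;   /* the mapped stack */
} layout_t;

typedef enum {
    LANDED_IN_STACK, /* access stayed inside the stack mapping */
    HIT_GUARD,       /* access faulted in the guard gap (or other unmapped memory): SIGSEGV */
    CLASHED          /* access landed in the neighbouring mapping: silent overwrite, no fault */
} outcome_t;

/* Guard gap of guard_pages pages directly below a 64 KiB stack, and a 4 MiB
 * neighbouring mapping directly below the guard. The top-of-stack address is made up.
 * Simplification: the real kernel extends the stack on demand; here the stack is
 * already as close to its neighbour as the guard gap allows. */
static layout_t make_layout(size_t guard_pages) {
    layout_t l;
    l.stack_hi  = 0x7ffffffff000UL;
    l.stack_lo  = l.stack_hi - 16 * PAGE;
    l.guard_hi  = l.stack_lo;
    l.guard_lo  = l.guard_hi - guard_pages * PAGE;
    l.region_hi = l.guard_lo;
    l.region_lo = l.region_hi - 1024 * PAGE;
    return l;
}

/* Where does a single memory access at addr end up? */
static outcome_t classify(const layout_t *l, uintptr_t addr) {
    if (addr >= l->stack_lo  && addr < l->stack_hi)  return LANDED_IN_STACK;
    if (addr >= l->region_lo && addr < l->region_hi) return CLASHED;
    return HIT_GUARD;
}

/* Unprobed frame: the prologue subtracts the whole frame from SP and the
 * function's first store goes to the new SP. Every page in between is skipped,
 * so a frame larger than the guard gap never touches it. */
static outcome_t alloc_unprobed(const layout_t *l, uintptr_t sp, size_t frame) {
    return classify(l, sp - frame);
}

/* Probed frame: touch one word in every page between the old and the new SP
 * before using the frame (what -fstack-check / -fstack-clash-protection emit).
 * A frame that spans the guard gap must therefore fault inside it. */
static outcome_t alloc_probed(const layout_t *l, uintptr_t sp, size_t frame) {
    uintptr_t new_sp = sp - frame;
    for (uintptr_t probe = sp - PAGE; probe >= new_sp; probe -= PAGE) {
        outcome_t o = classify(l, probe);
        if (o != LANDED_IN_STACK) return o;
    }
    return classify(l, new_sp);
}

/* SP starts half a page above the bottom of the mapped stack (earlier frames
 * have already consumed it), then a frame of frame_bytes is allocated. */
static outcome_t simulate(size_t guard_pages, size_t frame_bytes, bool probed) {
    layout_t l = make_layout(guard_pages);
    uintptr_t sp = l.stack_lo + PAGE / 2;
    return probed ? alloc_probed(&l, sp, frame_bytes) : alloc_unprobed(&l, sp, frame_bytes);
}

static const char *describe(outcome_t o) {
    return o == LANDED_IN_STACK ? "stays in stack"
         : o == HIT_GUARD       ? "faults in guard gap"
         :                        "CLASH: lands in neighbouring mapping";
}

int main(void) {
    printf("1-page guard,   100 B frame,    unprobed: %s\n", describe(simulate(1, 100, false)));
    printf("1-page guard,   1-page frame,   unprobed: %s\n", describe(simulate(1, PAGE, false)));
    printf("1-page guard,   2-page frame,   unprobed: %s\n", describe(simulate(1, 2 * PAGE, false)));
    printf("1-page guard,   2-page frame,   probed:   %s\n", describe(simulate(1, 2 * PAGE, true)));
    printf("256-page guard, 2-page frame,   unprobed: %s\n", describe(simulate(256, 2 * PAGE, false)));
    printf("256-page guard, 300-page frame, unprobed: %s\n", describe(simulate(256, 300 * PAGE, false)));
    printf("256-page guard, 300-page frame, probed:   %s\n", describe(simulate(256, 300 * PAGE, true)));
    return 0;
}
```

The one-page frame shows the guard page doing its job; the two-page frame jumps over it unprobed and is caught only when probed. Widening the gap to 256 pages stops the two-page frame but not a 300-page one, which is why the compiler-side probing is needed as well as the kernel change.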
Many affected vendors have already issued security patches for the bug, so users and administrators are advised to install them as soon as possible. It is also recommended to recompile all userland code (ld.so, libraries, binaries) with GCC's -fstack-check option. With it, the compiler touches every page as a stack frame is allocated, so the stack pointer cannot move into another memory region without first hitting the guard page, which removes the Stack Clash technique at its root. Later GCC releases (from GCC 8) provide -fstack-clash-protection, a probing mode designed specifically for this purpose.