Stack Clash - A New Vulnerability to Gain Illegal Root Access
Global security giant Qualys recently released a study stating that Linux and UNIX systems are riddled with holes that cyber criminals can easily exploit to gain root access.
It has been found that a miscreant can effortlessly pull off a “Stack Clash”, the name given to the attack because it can jump between adjacent stacks to infiltrate computers. Stack Clash is a vulnerability that targets the memory management of several operating systems, including Linux, OpenBSD, NetBSD, FreeBSD and Solaris, on i386 and amd64. Other operating systems may also be vulnerable to the attack, but they are yet to be tested. Attackers can corrupt memory and execute arbitrary code.
Qualys explains the vulnerability as follows: an application’s stack, which holds short-term data in memory, sneaks into another memory area termed the heap, which holds a large amount of information. If you manipulate the content of the heap by feeding carefully crafted data to the program, you can easily overwrite parts of the stack and hijack the flow of execution within the application. Alternatively, you can extend the stack down into the heap and tamper with important data structures.
Qualys further states that if the program has root privileges during the attack, a cyber-criminal can take control of the whole system as an administrator via the trusted app. All these effects of Stack Clash were brought to light by Qualys only a month ago. It is interesting to note that the issue was first noted by a security researcher in 2005, and resurfaced in 2010 on the Xorg server, which runs on Linux. Although the Linux team addressed and tried to rectify these issues on both occasions, products based on the OS are still riddled with security holes ripe for exploit. Addressing the issue, Jimmy Graham, director of product management at Qualys, said, “The concept isn't new, but this specific exploit is definitely new.”
Qualys and Red Hat have already issued advisories to mitigate the attack on their respective pages. Red Hat has said that while mitigation is possible in the meantime by setting the hard RLIMIT_STACK and RLIMIT_AS of local users and remote services to a low value, this may cause performance issues as it creates overlapping values in /proc/meminfo. However, this is unlikely to impact normal operations, and a patch to resolve these problems may be released at a later date.
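An added example, not part of the original article or of the Qualys or Red Hat advisories: a Python check that reads the limits table Linux exposes in /proc/<pid>/limits and reports when the hard RLIMIT_STACK or RLIMIT_AS of a process is unlimited or above a chosen ceiling. The function names, the sample table and the ceiling values are assumptions made for illustration; the article gives no numbers.

```python
# Rows of /proc/<pid>/limits that correspond to the two limits in the mitigation.
WATCHED = {"Max stack size": "RLIMIT_STACK", "Max address space": "RLIMIT_AS"}


def parse_hard_limits(limits_text):
    """Return {rlimit_name: hard limit in bytes, or None if unlimited}."""
    found = {}
    for line in limits_text.splitlines():
        for label, name in WATCHED.items():
            if line.startswith(label):
                # Columns after the label: soft limit, hard limit, units.
                fields = line[len(label):].split()
                if len(fields) < 2:
                    continue  # malformed row, treated as not reported
                hard = fields[1]
                found[name] = None if hard == "unlimited" else int(hard)
    return found


def audit(limits_text, max_stack, max_as):
    """List findings where a hard limit is missing, unlimited or above its ceiling."""
    ceilings = {"RLIMIT_STACK": max_stack, "RLIMIT_AS": max_as}
    hard = parse_hard_limits(limits_text)
    findings = []
    for name, ceiling in ceilings.items():
        if name not in hard:
            findings.append(f"{name}: not reported")
        elif hard[name] is None:
            findings.append(f"{name}: hard limit is unlimited")
        elif hard[name] > ceiling:
            findings.append(f"{name}: hard limit {hard[name]} exceeds {ceiling}")
    return findings


# Constructed sample in the layout of /proc/<pid>/limits (not from a real host).
SAMPLE = """\
Limit                     Soft Limit           Hard Limit           Units
Max stack size            8388608              unlimited            bytes
Max open files            1024                 4096                 files
Max address space         4294967296           4294967296           bytes
"""

if __name__ == "__main__":
    # Ceilings are illustrative assumptions (8 MiB stack, 2 GiB address space).
    for finding in audit(SAMPLE, max_stack=8 * 2**20, max_as=2 * 2**30):
        print(finding)
```

On a live system the same functions can be fed the contents of /proc/<pid>/limits for each service of interest; the soft limit column is ignored because the mitigation concerns the hard limit, which a process cannot raise without privilege.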