Linux Today: Linux News On Internet Time.





More on LinuxToday


Stack Clash Vulnerability Exploits Linux Stack Guard

Jun 20, 2017, 10:00 (0 Talkback[s])
(Other stories by Sean Michael Kerner)

In 2010, Linux kernel developers added a new memory stack protection capability called Stack Guard to help limit the risk of a vulnerability identified as CVE-201-2240.

As it turns out, the Stack Guard mitigation isn't entirely complete, according to security firm Qualys, potentially enabling a local attacker to escalate privileges. Qualys is calling the Stack Guard flaw Stack Clash, which actually refers to two specific vulnerabilities including CVE-2017-1000364 for the Linux kernel and CVE-2017-10000366 for glibc.

Complete Story