Stack Clash Vulnerability Exploits Linux Stack GuardJun 20, 2017, 10:00 (0 Talkback[s])
(Other stories by Sean Michael Kerner)
In 2010, Linux kernel developers added a new memory stack protection capability called Stack Guard to help limit the risk of a vulnerability identified as CVE-201-2240.
As it turns out, the Stack Guard mitigation isn't entirely complete, according to security firm Qualys, potentially enabling a local attacker to escalate privileges. Qualys is calling the Stack Guard flaw Stack Clash, which actually refers to two specific vulnerabilities including CVE-2017-1000364 for the Linux kernel and CVE-2017-10000366 for glibc.
0 Talkback[s] (click to add your comment)