[Beowulf] Heads up - Stack-Clash local root vulnerability

Christopher Samuel samuel at unimelb.edu.au
Tue Jun 20 17:21:52 PDT 2017

Hi all,

In the interest of being a good citizen there's a new local root
vulnerability for Linux, *BSD and Solaris.


# The Stack Clash is a vulnerability in the memory management of
# several operating systems. It affects Linux, OpenBSD, NetBSD,
# FreeBSD and Solaris, on i386 and amd64.  It can be exploited
# by attackers to corrupt memory and execute arbitrary code.

They list links to various distros information on the issue.

For instance RHEL have released both kernel and glibc updates, but of
course that begs the question of statically linked binaries (yes, I
know, don't do that, but they are common) and containers such as Shifter
& Singularity with older glibc's.

I suspect in those cases you have to rely entirely on the kernel
mitigation of increasing the stack guard gap size.

 Christopher Samuel        Senior Systems Administrator
 Melbourne Bioinformatics - The University of Melbourne
 Email: samuel at unimelb.edu.au Phone: +61 (0)3 903 55545

More information about the Beowulf mailing list