The Stack Clash: Patch this critical vulnerability affecting all Linux operating systems
If you have any machines running Linux, OpenBSD, NetBSD, FreeBSD or Solaris operating systems, on i386 or amd64, you should patch the system as soon as possible to prevent abuse of a local privilege escalation bug called The Stack Clash. Following responsible disclosure, all of the vulnerable systems should have the necessary patches made available today.
The exploit works by "colliding, or clashing, the stack with another memory region," allowing the execution of arbitrary code to occur if an attacker has access to your local file system already as an unprivileged user.
More information can be found here:
- https://blog.qualys.com/securitylabs/2017/06/19/the-stack-clash
- https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
voted, resteemed, followed
I want to emphasize this is only an issue if an attacker manages to gain login access to your system. Although I totally agree this vulnerability should be given a high priority & fixed by applying the appropriate patches, it would be more concerning to learn that login access to my systems was possible, which is a prerequisite for the "stack-clash" exploit to be performed.
Additionally it may take a few days for your distro to provide the patch for your OS version.
Let this be a wake-up call to those of you who haven't secured your systems by A) denying root ssh access and B) allowing only public key logins. Those of course are only 2 of the many other precautions all node operators should have in place. Make sure all unessential network listeners are disabled, and you use fail2ban on any open ports.
I also highly recommend you employ the api_access control for your cli_wallet, and only expose the rpc-endpoint to the network through a proxy or not at all externally.
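The two SSH settings recommended in the comment above (no root login, public-key-only logins) can be checked mechanically. The script below is an added example, not part of the original thread: the function names and the sample config are constructed here, and treating keyboard-interactive authentication as part of "only public key logins" is an assumption.

```shell
#!/bin/sh
# Added example: audit an sshd_config for root login and password logins.
# Assumed limits: only the global section is read (stops at the first Match
# block) and Include files are not followed; `sshd -T` shows the real values.

# effective_value FILE "Keyword|Alias" DEFAULT
# sshd keeps the first value it sees per keyword; keywords are case-insensitive.
effective_value() {
    awk -v keys="$2" -v def="$3" '
        BEGIN { keys = "|" tolower(keys) "|"; val = def }
        /^[ \t]*(#|$)/ { next }                 # comments and blank lines
        { sub(/[ \t]*=[ \t]*/, " ") }           # accept "Keyword=value"
        tolower($1) == "match" { exit }         # Match overrides are not audited
        index(keys, "|" tolower($1) "|") { val = tolower($2); exit }
        END { print val }
    ' "$1"
}

# report KEYWORD VALUE: a setting passes only when its effective value is "no".
report() {
    [ "$2" = "no" ] && { echo "PASS $1 = $2"; return 0; }
    echo "FAIL $1 = $2 (want: no)"; return 1
}

# audit_sshd_config FILE: one line per check; returns 1 if any check fails.
# The defaults passed here are the OpenSSH defaults when a keyword is absent.
audit_sshd_config() {
    rc=0
    report PermitRootLogin "$(effective_value "$1" PermitRootLogin prohibit-password)" || rc=1
    report PasswordAuthentication "$(effective_value "$1" PasswordAuthentication yes)" || rc=1
    report KbdInteractiveAuthentication "$(effective_value "$1" \
        'KbdInteractiveAuthentication|ChallengeResponseAuthentication' yes)" || rc=1
    return "$rc"
}

# Constructed sample: the second PermitRootLogin line is ignored (first wins).
sample=$(mktemp)
cat > "$sample" <<'EOF'
PermitRootLogin yes
PasswordAuthentication no
ChallengeResponseAuthentication no
PermitRootLogin no
Match User backup
    PasswordAuthentication yes
EOF
audit_sshd_config "$sample" || echo "hardening incomplete"
rm -f "$sample"
```

On a real host, point `audit_sshd_config` at `/etc/ssh/sshd_config` and compare the result with `sshd -T`, which also resolves Include files and Match blocks.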
Great share and definitely important for me...time to do some research. Thank you for the heads up!
Thanks for the warning! You never know what new exploits are going to pop up. It's always nice to have people like you monitoring them and keeping us safe :)
Good article, thank you. I never trusted Linux, you finally armed me. But I really liked your Super Task subscribed to your blog. I, too, want to make the world better, you're done! "Working to build a beautiful and free future for all people on Earth." @robrigo
Thanks for this security advice... Will do so
@robrigo how will I know that my system is vulnerable to this exploit?
If you're running a Linux distro it will be vulnerable. Update your system and you should be good to go!
Thanks buddy an upvote will be very helpful
Great post man!
I was trying to install Linux today. Now I'm hesitating. :P
So long as you fully patch the machine you should be good to go!