SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Tuesday, June 20th 2017

SANS ISC Handlers

Tech News, News, Technology

🗓️ 20 June 2017

⏱️ 7 minutes

Summary

Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information and cyber security. Stack Clash Vulnerability.

Transcript

0:00.0

Hello, welcome to the Tuesday, June 20th, 2017 edition of the SANS Internet Storm Center's

0:06.5

Stormcast. My name is Johannes Ullrich, and today I'm recording from Minneapolis, Minnesota.

0:13.2

Qualys today released details regarding a privilege escalation vulnerability that Qualys calls Stack Clash.

0:22.3

Now, typically, privilege escalation vulnerabilities don't excite me that terribly much.

0:28.1

What's interesting here is that a number of different Unix-based operating systems are affected.

0:35.1

So it's not just Linux.

0:41.5

It's also OpenBSD, NetBSD, FreeBSD, and Solaris as far as it's running on an i386 or AMD64 architecture.

0:51.3

Now interestingly, the fundamental problem isn't actually new. It was originally

0:55.7

found in 2005, and Qualys also refers to that particular discovery. And what's happening here

1:04.5

is that as software needs more space on the stack, the stack will sort of automatically increase in size,

1:12.8

but it may eventually clash or override existing heap memory,

1:19.4

and that leads then to a privilege escalation

1:22.3

where a user's stack grows over heap from another process,

1:31.3

and as a result, arbitrary code could be executed. Now it is an old vulnerability back from 2005 and actually then in 2010 other variations of it were discovered.

1:39.3

Why is this still in news?

1:42.3

The interesting thing is that Qualys came up with ways to bypass the security

1:48.5

mechanism that was implemented originally. Essentially, what was implemented to prevent this from

1:54.3

happening is what's called a stack guard page. Stack guard is a memory area just below the stack that will essentially be used as

2:04.4

a sensor to detect if the stack is growing. So if the stack is expanded into this memory,

2:11.4

that's a sign that the stack needed more memory and the operating system can deal with it.

2:16.6

What Qualys found out is that if you trigger an expansion of the stack that exceeds the size of that stack guard page, then the stack is extended to a memory page that's no longer covered by this stack guard and that way it goes undetected and you may again run into

2:38.1

heap memory and overwrite it and you're back to a privilege escalation.

...

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
