A serious flaw, known as Stack Clash, was found in the way memory is allocated on the stack for user space binaries. If the heap (or another memory region) and the stack are mapped adjacent to each other, an attacker can use this flaw to jump over the stack guard gap, corrupt the process stack or the adjacent region in a controlled way, and thus escalate privileges on the system.
Is it a new vulnerability?
The idea of clashing the stack into another memory region is not new: it was first exploited in 2005 and again in 2010. After the 2010 exploit, which was demonstrated against the X server and tracked as CVE-2010-2240, Linux introduced a protection against such attacks: the so-called stack guard page.
What is a Stack Guard Page?
The stack guard page is an inaccessible page placed directly below the stack. Any access to it traps (the process receives SIGSEGV), so it serves as a divider between the stack and the other memory regions in the process address space: sequential stack access cannot flow into the adjacent region, and vice versa.
However, the security researchers at Qualys showed that this protection is insufficient. The guard was a single 4 KiB page, and a stack frame larger than that (for example a large local array, or an alloca() whose size the attacker influences) moves the stack pointer past the guard page without ever touching it, landing directly in the adjacent region. Most binaries were not compiled with stack probing (GCC's -fstack-check), so nothing forced the pages in between to be accessed. The kernel fix enlarges the guard gap from one page to 1 MiB (256 pages) and makes it tunable with the stack_guard_gap= boot parameter; glibc was hardened as well, which is why both the kernel and glibc packages need updating.
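The following program is an added example, not code from the original article or from Qualys: it checks whether the running kernel enforces a gap below the stack. It reads the [stack] range from /proc/self/maps, then asks mmap() (with a plain hint, never MAP_FIXED, so nothing is unmapped or overwritten) for one anonymous page immediately below the stack. A kernel with only the old single guard page honours the hint and the new page ends up adjacent to the stack; a kernel carrying the fix rejects any hint inside its guard gap and places the page elsewhere. The helper names, the 64-bit Linux maps line format and the sample maps text are my own assumptions; the sample text is constructed, not captured from a real host.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <unistd.h>
#include <sys/mman.h>

/* Constructed /proc/self/maps excerpts (not from a real host) used to
 * exercise the parser offline. Assumes the 64-bit Linux line format. */
static const char SAMPLE_MAPS[] =
    "5639a6a00000-5639a6a01000 r--p 00000000 08:01 1234   /usr/bin/cat\n"
    "7ffd1e9b5000-7ffd1e9d6000 rw-p 00000000 00:00 0      [stack]\n"
    "7ffd1e9f3000-7ffd1e9f5000 r--p 00000000 00:00 0      [vvar]\n";
static const char NO_STACK_MAPS[] =
    "00400000-00401000 r-xp 00000000 08:01 1   /bin/true\n";

/* Find the line ending in "[stack]" and parse its "start-end" range.
 * Returns 1 when found, 0 otherwise. */
int parse_stack_range(const char *maps, uintptr_t *start, uintptr_t *end)
{
    const char *line = maps;
    while (line && *line) {
        const char *nl = strchr(line, '\n');
        size_t len = nl ? (size_t)(nl - line) : strlen(line);
        if (len >= 7 && memcmp(line + len - 7, "[stack]", 7) == 0) {
            unsigned long long lo, hi;
            if (sscanf(line, "%llx-%llx", &lo, &hi) == 2) {
                *start = (uintptr_t)lo;
                *end = (uintptr_t)hi;
                return 1;
            }
        }
        line = nl ? nl + 1 : NULL;
    }
    return 0;
}

/* Low address and size of the [stack] mapping, or 0 when absent. */
uintptr_t stack_mapping_start(const char *maps)
{
    uintptr_t s, e;
    return parse_stack_range(maps, &s, &e) ? s : 0;
}

size_t stack_mapping_size(const char *maps)
{
    uintptr_t s, e;
    return parse_stack_range(maps, &s, &e) ? (size_t)(e - s) : 0;
}

/* Hint mmap() at the page directly below the stack and report how many
 * unmapped bytes the kernel left between the new page and the stack.
 * 0 means the hint was honoured (no guard gap enforced); a kernel with the
 * fix refuses hints inside its guard gap (default 1 MiB) and places the page
 * further away. Returns -1 if mmap() fails. */
long probe_gap_below_stack(uintptr_t stack_start, uintptr_t stack_end)
{
    long page = sysconf(_SC_PAGESIZE);
    void *hint = (void *)(stack_start - (uintptr_t)page);
    void *p = mmap(hint, (size_t)page, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return -1;
    uintptr_t lo = (uintptr_t)p, hi = lo + (uintptr_t)page;
    /* Page may land below the stack (usual) or, in theory, above it. */
    long dist = hi <= stack_start ? (long)(stack_start - hi)
                                  : (long)(lo - stack_end);
    munmap(p, (size_t)page);
    return dist;
}

int main(void)
{
    static char buf[1 << 16];
    FILE *f = fopen("/proc/self/maps", "r");
    if (!f) { perror("/proc/self/maps"); return 1; }
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';

    uintptr_t s, e;
    if (!parse_stack_range(buf, &s, &e)) {
        fputs("no [stack] mapping found\n", stderr);
        return 1;
    }
    long page = sysconf(_SC_PAGESIZE);
    long dist = probe_gap_below_stack(s, e);
    if (dist < 0) { perror("mmap"); return 1; }
    printf("[stack] %#lx-%#lx; page hinted just below it landed %ld pages away\n",
           (unsigned long)s, (unsigned long)e, dist / page);
    if (dist == 0)
        puts("no guard gap below the stack (pre-Stack-Clash kernel behaviour)");
    else if (dist < 256 * page)
        puts("a gap is enforced, but it is smaller than the 1 MiB default");
    else
        puts("kernel enforces a guard gap of at least 1 MiB below the stack");
    return 0;
}
```

Build with `gcc -O2 -o stackgap stackgap.c` and run it as an unprivileged user; on a patched kernel the hinted page lands hundreds of pages away, whereas a kernel with only the one-page guard reports a zero gap. The probe only maps and unmaps a single page of its own, so it is safe to run on production hosts.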
How to fix the Stack Guard Security Vulnerability?
Red Hat Enterprise Linux, CentOS and other yum-based distributions:
The fix lives in the kernel and in glibc, so after updating you must reboot for the new kernel to be in use; restarting individual services is not enough.
1. You can initiate a full yum update using the commands below:
yum update
reboot
2. Alternatively, update only the kernel and glibc packages:
yum update "kernel*"
yum update "glibc"
reboot
Debian or Ubuntu Linux:
Update the server using the following commands, then reboot:
sudo apt-get update && sudo apt-get upgrade && sudo apt-get dist-upgrade
sudo reboot
SUSE Linux Enterprise or openSUSE:
sudo zypper patch
sudo reboot
SUSE OpenStack Cloud 6:
sudo zypper in -t patch SUSE-OpenStack-Cloud-6-2017-996=1
sudo reboot
SUSE Linux Enterprise Server for SAP 12-SP1:
sudo zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-996=1
sudo reboot
SUSE Linux Enterprise Server 12-SP1-LTSS:
sudo zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-996=1
sudo reboot
SUSE Linux Enterprise Module for Public Cloud 12:
sudo zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-996=1
sudo reboot