The Stack Clash vulnerability

Shawn Webb shawn.webb at hardenedbsd.org
Tue Jun 20 13:15:17 UTC 2017


On Tue, Jun 20, 2017 at 08:13:46AM +0000, Vladimir Terziev wrote:
> Hi,
> 
> I assume the FreeBSD security team is already aware of the Stack Clash vulnerability, that is stated to affect FreeBSD amongst other Unix-like OS.
> 
> Just in case, here is the analysis document of Qualys:
> 
> https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt

FreeBSD is indeed affected. I've written a PoC, which works even with
the stack guard enabled:

https://github.com/lattera/exploits/blob/master/FreeBSD/StackClash/001-stackclash.c

Thanks,

-- 
Shawn Webb
Cofounder and Security Engineer
HardenedBSD

GPG Key ID:          0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89  3D9E 6A84 658F 5245 6EEE