The Stack Clash vulnerability
Shawn Webb
shawn.webb at hardenedbsd.org
Tue Jun 20 19:41:20 UTC 2017
On Tue, Jun 20, 2017 at 08:13:46AM +0000, Vladimir Terziev wrote:
> Hi,
>
> I assume FreeBSD security team is already aware about the Stack Clash vulnerability, that is stated to affect FreeBSD amongst other Unix-like OS.
>
> Just in case here is the analyses document of Qualys:
>
> https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
As a follow-up, Stack Clash should now be mitigated in HardenedBSD:
https://github.com/HardenedBSD/hardenedBSD/compare/de8124d3bf83d774b66f62d11aee0162d0cd1031...91104ed152d57cde0292b2dc09489fd1f69ea77c
Thanks,
--
Shawn Webb
Cofounder and Security Engineer
HardenedBSD
GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-security/attachments/20170620/1bf86267/attachment.sig>
More information about the freebsd-security
mailing list