Posted on 06/20/2017 2:52:48 PM PDT by dayglored
lol windows users take a beating for 11 rounds, and linux users get a thumb in the eye in the 12th round
just a flesh wound - nuttin serious
No argument there; they often err on the over-cautious side about throwing patches out to their user base.
But I still say, I'll be surprised if OS X / macOS is affected. Being a certified, genuine UNIX doesn't mean the internals necessarily are identical to other UNIXes -- it means you meet the requirements, most of which are external (interfaces, APIs, system support, behavior). With all the other work Apple has done to secure the OS, they may have (albeit inadvertently) fixed this problem without knowing it.
"May". I, like you, will wait and see what appears...
That's assuming the local user has a decent password. But even if they do...
Suppose the local user takes his laptop on a trip. It has a private SSH key for login, and the key has a null or trivial passphrase for convenience (sadly, very common).
Thief lifts the laptop from the hotel room, transfers the hard drive to a USB enclosure, plugs it into their own laptop, and checks /home or C:\Users or C:\cygwin\home.
Half an hour max; they're in. Meanwhile the local user hasn't even come back from dinner. By the time they realize it's missing, reach somebody in IT on the phone, and disable the account, the thief is long since done.
2-factor authentication is a wonderful thing.
More like 99 rounds to 1, but nevermind that...
I'll be patching my dozen or so external-facing systems tomorrow. The hundreds on the LAN are a different, and much more difficult, story.
Has Linux Mint 18.2 been updated, do you know?
I meant 18.1, not 18.2. Can't find any security updates for Mint 18.1 regarding this particular issue.
sudo apt-get update
sudo apt-get upgrade
and see what pops up.
In processor speak, "i386" refers to the standard 32-bit Intel processors, whereas "AMD64" refers to the AMD & Intel 64-bit processors, including Xeon. Other processor architectures include Intel Itanium (not seen too much anymore), IBM Power8, and ARM.
Mark
This vulnerability is based on a well-known issue with Von Neumann architecture systems (aka most modern computers). You can think of memory for a process (aka your program - the word processor, web browser, picture viewer, etc.) as a multi-story building. The operating system occupies the basement (low memory). Your program is loaded into the first couple floors - this is the executable code or instructions that make up the program. On the top floor is the "stack" memory. This is used when the program calls a function and that function needs some temporary local storage to use as a scratch pad. It may use the top floor or two, moving down as functions are called, moving back up (releasing memory) as functions exit. In between is "heap" memory. This is memory the program can ask for chunks of and hold onto/use for the life of the program, or return when no longer needed.
A stack/heap collision occurs when a program asks for too much memory from the heap, allocating floors up and up until it runs into the stack. A renegade program could also repeatedly call functions, bringing the stack down until it collides with memory allocated to the heap.
The nature of the attack? One of the things functions typically store in the stack is the address of where to return to when the function is done. The same function can be called from many places, so they store the address of who called them on the stack. Well... If the stack, and that address, have "collided" with memory allocated from the heap, your program can write to that heap memory any address it wants. Then exit the function, and voilà, the computer jumps back to what it thinks is the caller of the function, but is in fact wherever the attacker wants it to go.
Putting a "guard" page of memory between the stack and heap is a fine idea to protect against your average accidental collision. However, attackers can easily jump over that with large allocations. If your processor architecture supports it, you can use the huge virtual memory space to separate the two by unreasonably large values. However, this may not be an option on constrained mobile devices with more modest processor architectures.
Any system that co-locates instructions and data in the same memory space (aka Von Neumann architecture) is subject to this kind of attack if they organize stack/heap memory this way. There is a so-called Harvard architecture that uses totally separate data and program memory, thus eliminating this attack as a possibility. Similarly, modern x86 processors (e.g. later than 2004/2005) support the notion of executable space - memory pages marked as data or program. Kind of like overlaying Harvard architecture onto it. Linux, Windows, and iOS have all incorporated support for this as a means of hardening against this (and other) attacks. If you can only write to data memory, but only execute out of executable memory, then it is very difficult for an attacker to write out malicious code.
It doesn't say in the article, but I wonder if they had disabled this feature? Also, requiring local access is like cheating. In terms of computer security, the rule of thumb is "physical access equals root access." That is, if an attacker can physically get at a machine they can probably get root access. Remotely gaining access is another matter.
https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
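A defender's check for the two mitigations discussed in the post above (the distance kept between the stack and the mappings below it, and writable-versus-executable page separation). This is an added example, not code from the thread or from the Qualys advisory: it parses /proc/self/maps text, reports the free gap under the stack and counts any rwx mappings. The embedded maps excerpt is constructed, the live file is read when present, and the 1 MiB figure in the comments is the Linux default stack guard gap adopted after Stack Clash, not a value from the thread.

```c
#include <stdio.h>
#include <string.h>

/* Constructed /proc/self/maps excerpt (not captured from a real host). */
static const char *SAMPLE_MAPS =
    "01000000-01021000 rw-p 00000000 00:00 0 [heap]\n"
    "7ffff7a00000-7ffff7bc0000 r-xp 00000000 08:01 5678 /lib/libc.so.6\n"
    "7ffff7dd0000-7ffff7df0000 rwxp 00000000 00:00 0\n"
    "7ffffffde000-7ffffffff000 rw-p 00000000 00:00 0 [stack]\n";

/* A maps line reads "start-end perms offset dev inode [path]". */
#define PARSE(l, s, e, perms) (sscanf((l), "%llx-%llx %4s", (s), (e), (perms)) == 3)

static const char *next_line(const char *p) {
    const char *nl = strchr(p, '\n');
    return nl ? nl + 1 : p + strlen(p);
}

/* Free bytes between the start of [stack] and the end of the nearest mapping
 * below it, i.e. what a growing heap or mmap region must cross to reach the
 * stack (Linux defaults to at least 1 MiB since the Stack Clash fix). -1 if no [stack]. */
long long stack_gap_bytes(const char *maps) {
    unsigned long long s, e, stack_start = 0, below_end = 0;
    char perms[5]; const char *p, *tag;
    for (p = maps; *p; p = next_line(p))           /* pass 1: find the stack */
        if ((tag = strstr(p, "[stack]")) && tag < next_line(p) && PARSE(p, &s, &e, perms))
            stack_start = s;
    if (!stack_start) return -1;
    for (p = maps; *p; p = next_line(p))           /* pass 2: nearest vma below */
        if (PARSE(p, &s, &e, perms) && e <= stack_start && e > below_end)
            below_end = e;
    return (long long)(stack_start - below_end);
}

/* Mappings that are writable and executable at once (no W^X separation). */
int count_rwx_mappings(const char *maps) {
    unsigned long long s, e; char perms[5]; int n = 0;
    for (const char *p = maps; *p; p = next_line(p))
        if (PARSE(p, &s, &e, perms) && !strncmp(perms, "rwx", 3)) n++;
    return n;
}

int main(void) {                 /* report on this process, else on the sample */
    static char buf[1 << 16];
    FILE *f = fopen("/proc/self/maps", "r");
    size_t n = f ? fread(buf, 1, sizeof buf - 1, f) : 0;
    if (f) fclose(f); buf[n] = '\0';
    const char *maps = n ? buf : SAMPLE_MAPS;
    printf("stack gap %lld bytes, rwx mappings %d\n", stack_gap_bytes(maps), count_rwx_mappings(maps));
}
```

On the sample, the gap is the distance from the end of the anonymous rwx region to the start of the stack, and that rwx region is the single W^X finding.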
The reason why it does not work on Windows is, I think, that on Windows, the stack is below the heap, so if it keeps growing downward, it will hit the “floor,” rather than the heap, and the heap grows upward, away from the stack.
Thanks. I never would have guessed that someone talking about AMD was really referring to an Intel processor.
Doesn't even have to be on purpose. Been there done that.