Date:      Tue, 20 Jun 2017 09:15:14 -0400
From:      Shawn Webb <shawn.webb@hardenedbsd.org>
To:        Vladimir Terziev <vterziev@gvcgroup.com>
Cc:        "freebsd-security@freebsd.org" <freebsd-security@freebsd.org>
Subject:   Re: The Stack Clash vulnerability
Message-ID:  <20170620131514.vdynljgemuz4fp3c@mutt-hbsd>
In-Reply-To: <F9B7242B-ED83-45C5-9196-6FD095AD9497@gvcgroup.com>
References:  <F9B7242B-ED83-45C5-9196-6FD095AD9497@gvcgroup.com>

On Tue, Jun 20, 2017 at 08:13:46AM +0000, Vladimir Terziev wrote:
> Hi,
>
> I assume FreeBSD security team is already aware about the Stack Clash vulnerability, that is stated to affect FreeBSD amongst other Unix-like OS.
>
> Just in case here is the analysis document of Qualys:
>
> https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt

FreeBSD is indeed affected. I've written a PoC, which works even with
the stack guard enabled:

https://github.com/lattera/exploits/blob/master/FreeBSD/StackClash/001-stackclash.c

Thanks,

-- 
Shawn Webb
Cofounder and Security Engineer
HardenedBSD

GPG Key ID:          0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89  3D9E 6A84 658F 5245 6EEE
