Actions:
2017-06-22 10:03 AEST by Arthur Barrett - New research on 'smash the stack' exploits on Linux:
https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
Processes that run as 'root' (elevated) are particularly susceptible to exploitation to gain privs from user level. This probably doesn't affect cvsnt server, because unlike sudo (or even x server) it's not run 'by the user'. But at least in theory - if the client processes are on the same box as the server processes then there could be an exploit - but since there is little control over the cvsnt server environment vars or command line I think it's moot.

But this is a timely reminder:
- not to allow users any indirect access to the cvsnt server command line or env space (the LD_LIBRARY_PATH stuff for Oracle/Audit here may be susceptible - but again you need root to modify /etc/cvsnt/PServer anyway)
- that SSP (Stack-Smashing Protector), NX (No-eXecute) and ASLR (Address Space Layout Randomization) only apply if we use the right gcc/g++ version and params
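An added check for the last point, not part of this tracker entry and not CVSNT project code: it reads a 64-bit little-endian ELF image with only the Python standard library and reports whether the build actually carries the three mitigations (PIE for ASLR, a non-executable PT_GNU_STACK for NX, a reference to the SSP canary handler). The `build_elf` helper and its sample images are constructed here for demonstration; the SSP test is a substring heuristic, which is an assumption that holds for dynamically linked glibc binaries.

```python
import struct
import sys

PT_GNU_STACK = 0x6474e551    # program header that states the stack permissions
PF_X = 0x1                   # executable bit in a program header's p_flags
ET_EXEC, ET_DYN = 2, 3       # fixed-address executable vs position-independent image
EHDR_FMT = '<HHIQQQIHHHHHH'  # ELF64 header fields after the 16-byte e_ident
PHDR_FMT = '<IIQQQQQQ'       # ELF64 program header

def hardening_flags(data):
    """Return {'pie', 'nx', 'ssp'} for a 64-bit little-endian ELF image."""
    if data[:4] != b'\x7fELF' or data[4] != 2 or data[5] != 1:
        raise ValueError('not a 64-bit little-endian ELF file')
    fields = struct.unpack_from(EHDR_FMT, data, 16)
    e_type, e_phoff, e_phentsize, e_phnum = fields[0], fields[4], fields[8], fields[9]
    nx = False  # Linux treats a missing PT_GNU_STACK header as an executable stack
    for i in range(e_phnum):
        p_type, p_flags = struct.unpack_from('<II', data, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK:
            nx = not (p_flags & PF_X)
    return {
        'pie': e_type == ET_DYN,             # ASLR randomises the image base only for PIE
        'nx': nx,
        'ssp': b'__stack_chk_fail' in data,   # heuristic: canary handler referenced by SSP code
    }

def build_elf(e_type, stack_flags, with_ssp=False):
    """Constructed minimal ELF64 image (header + one PT_GNU_STACK entry) as sample input."""
    ident = b'\x7fELF' + bytes([2, 1, 1, 0]) + b'\x00' * 8          # 64-bit, LE, version 1
    ehdr = ident + struct.pack(EHDR_FMT, e_type, 62, 1, 0, 64, 0, 0, 64, 56, 1, 64, 0, 0)
    phdr = struct.pack(PHDR_FMT, PT_GNU_STACK, stack_flags, 0, 0, 0, 0, 0, 16)
    return ehdr + phdr + (b'__stack_chk_fail\x00' if with_ssp else b'')

if __name__ == '__main__':
    # Pass a real binary path to audit it; otherwise the constructed hardened sample is used.
    path = sys.argv[1] if len(sys.argv) > 1 else None
    image = open(path, 'rb').read() if path else build_elf(ET_DYN, 6, with_ssp=True)
    for name, ok in hardening_flags(image).items():
        print(f'{name:4} {"yes" if ok else "NO"}')
```

Stack flags 6 (RW) model a stack built without `-z execstack`; 7 (RWX) models an executable stack.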