You are here

The Stack Clash Vulerability

IDs: 
CVE-2017-1000364, CVE-2017-1000365, CVE-2017-1000367
Keywords: 
stack clash, memory, Linux
Description: 

The Stack Clash is a vulnerability in the memory management of several operating systems including RHEL6. It can be exploited by attackers to corrupt memory, execute arbitrary code and obtain root privileges [1].

Exploits may be available soon. They will probably require local access to an affected system. This is not an issue for Airlock WAF because all local interactive users are trusted. Further, Airlock WAF does not expose services that pose a risk for remote exploitation of the vulnerability.

Resolution: 

no action required.

Component: 
Airlock
Airlock Vulnerability Status: 
No action required
Back-end Vulnerability Status: 
No action required