1. Home
  2. Data Center
  3. Can the Linux Stack Clash Vulnerability Affect Containers?

Can the Linux Stack Clash Vulnerability Affect Containers?

0
0

The recently discovered ‘Stack Clash’ vulnerability in Linux-based systems is another critical security issue like Dirty Cow, but can the stack clash vulnerability affect containers, and what could an attacker do?

The short answer is yes, an attacker could exploit the vulnerability to gain root privileges within a container, but not necessarily be able to break out from the container. However, if the exploit occurs in the user space on the host, the escalation to root on the linux host itself is a critical security event which the attacker could use to compromise running containers or the Docker daemon itself.

The Stack Clash Vulnerability

This vulnerability (CVE-2010-2240) was recently discovered by security vendor Qualys researchers and has been named “Stack Clash” because it involves “clashing” the stack with another memory region, such as the heap. A flaw was found in the way memory was being allocated on the stack for user space binaries, which could allow an attacker to jump over the stack guard gap. This could cause controlled memory corruption on the process stack or the adjacent memory region, and thus increase their privileges on the system.

Read the entire article here, Can the Linux Stack Clash Vulnerability Affect Containers?

via NeuVectdor.

Categories:
NeuVector NeuVector was founded by security and enterprise software veterans with the vision of simple, scalable security for container based applications. The team has over 20 years of security, virtualization, and enterprise software experience from companies such as VMWare, Fortinet, Cisco, and Trend Micro.

Featured Resources:

Related Articles:

| LATEST FEATURED RESOURCES

White Papers

‘All You Need to Know About Microsoft Windows Nano Server’ Veeam White Paper

Now updated for Windows Server 2016 GA release! You probably heard about Windows Nano Server already … but what is it exactly, and how do you get started with it? What value will it bring to your environment? Nano Server is a headless, 64-bit only deployment option for Windows Server 2016. Microsoft created this component specifically with […]

Downloads

Download Commvault VM Backup and Recovery: end-to-end VM backup, recovery and cloud management

Commvault’s ability to provide end-to-end VM backup, recovery and cloud management creates a significantly better way to build, protect and optimize VMs throughout their lifecycle. Our best-in-class software for VM backup, recovery and cloud management delivers a number of significant benefits, including: VM recovery with live recovery options; backup to and in the cloud; custom-fit […]

On-Demand Webinars

Architecting for today’s desktop environments – FSLogix On-Demand Webinar

October 19, 2017 Webinar with David Young, Solutions Architect and Product Champion, and Brandon Lee, Solutions Marketer. Video Recording of a live demo of FSLogix and an overview of the latest release of FSLogix Apps featuring Roaming XenApp Email Search and OneDrive App along with Skype for Business Global Address List and Device Based Licensing. […]

Latest Videos

Current State of EUC – E2EVC Video

Session from @E2EVC 2017 Orlando. For event information please visit www.e2evc.com/home. For slides, additional info etc please contact the presenter directly on Twitter. For best video and sound quality do visit the event! This video is from the fine folks at E2EVC Conference

Views All IT News on DABCC.com
Views All IT Videos on DABCC.com
Win a Tesla P100D

Visit Our Sponsors