Monday, June 19, 2017

Stack Clash:
A UNIX Security bug likely to affect macOS

--

I'm posting this information as a warning to those running macOS as a server. The 'Stack Clash' security bug is likely to affect macOS owing to the fact that macOS is certified BSD UNIX.

Apple has been notified and no doubt will examine the situation and provide a patch ASAP if required. (Likely required).

For now, have a read of this article by Dan Goodwin over at Ars Technica.

Serious privilege escalation bug in Unix OSes imperils servers everywhere
“Stack Clash” poses threat to Linux, FreeBSD, OpenBSD, and other OSes.
Anyone running a Unix-based OS should check with the developer immediately to find out if a patch or security advisory is available. The best bet is to install a patch if one is available or, as a temporary workaround, set the hard RLIMIT STACK and RLIMIT_AS of local users and remote services to a low value. 
The Stack Clash security bug is listed as CVE-2017-1000364.

This isn't a PaNiC situation. But it's important to be aware that this bug is likely to affect macOS.

There will be more information available shortly, no doubt. I'll post here as it is released.

:-Derek



--