A “Stack Clash” is a vulnerability in the memory management of several operating systems, including Linux. It can be exploited by attackers to corrupt memory of a privileged process in order to execute arbitrary code.
What are the chances that your name, address and social security number have been stolen? If you are an American citizen, the answer is ‘about 50/50’. The reason, perhaps not surprisingly, is a recent data breach. Records of 143M customers of Equifax, a large credit reporting company, were stolen.
This article was originally published in HelpNetSecurity.com
We are all aware of the risks introduced by good old third party code. Where would we be without it? Apparently not very far: It is estimated that between 30 to 70 percent of code comes from 3rd party applications. This is why we patch up old libraries and …
RunC Like the Wind
Recently, an interesting vulnerability was discovered (CVE-2016-9962) that enables container escape to the host. The vulnerability stems from a bug found in opencontainers' runc code, which is used by several container engines, including Docker.
There has been plenty of buzz lately regarding an old-new privilege escalation vulnerability, adorably named “Dirty COW” after the Copy-On-Write memory protection in the Linux kernel. The whole thing started roughly eleven years ago, when a kernel developer left a race condition issue opened: “This is an ancient bug …