What is the Stack Clash?

The Stack Clash is a vulnerability in the memory management of several operating systems. It affects Linux, OpenBSD, NetBSD, FreeBSD and Solaris, on i386 and amd64.  It can be exploited by attackers to corrupt memory and execute arbitrary code.

Qualys researchers discovered this vulnerability and developed seven exploits and seven proofs of concept for this weakness, then worked closely with vendors to develop patches. As a result we are releasing this advisory today as a coordinated effort, and patches for all distributions are available June 19, 2017. We strongly recommend that users place a high priority on patching these vulnerabilities immediately.

Continue reading …

Today Oracle released a total of 299 new security fixes across all product families. It is important to note that it fixed 25 instances of the infamous Apache Struts vulnerability which could allow a remote attacker to take complete control of the server running Struts. The struts fix was applied to 19 instances of Oracle Financial Services Applications along with WebCenter, WebLogic, Siebel, Oracle Communications, MySQL and Oracle Retail.

Oracle also released Patch 25878798 for Solaris 10 and 11.3 which fixed the second Shadow Brokers EXTREMEPARR vulnerability CVE-2017-3622. EXTREMEPARR  has a CVSS Base Score of 7.8, and if successfully exploited allows a local privilege escalation in the ‘dtappgather’ component. The other Shadow Brokers vulnerability CVE-2017-3623 (a.k.a. “Ebbisland” or “Ebbshave”) was previously addressed by Oracle in several Solaris 10 patch distributions issued since January 26^th 2012 and does not affect Solaris 11.

Out of the 299 total fixes MySQL, Financial Services, Retail and Fusion Middleware take the lion’s share of fixes and the distribution is shown in the chart below. Majority of the vulnerabilities in the Financial Services, Retail and Fusion Middleware could be exploited via the HTTP protocol and attackers can take complete control of the system remotely without the need of any credentials.

Continue reading …

As we approach the peak of the holiday online shopping season, Qualys BrowserCheck adds new features to help Internet users better protect their browsers.  With today’s new release, Qualys BrowserCheck increases the range of browsers it scans, including Linux browsers, beta releases of browsers, and more plugins.  BrowserCheck also reports zero-day vulnerabilities and makes it easier to upgrade out-of-date plugins.

Here’s a round-up of the new features:

1. Linux Support: BrowserCheck adds support for Firefox, Chrome, and Opera on Linux to its current support of major browsers on Windows and Mac OS X.  See supported browsers for details.
2. Plugin / Add-on Support: BrowserCheck adds checks for additional plugins and add-ons. The new checks extend support to Linux for the most popular plugins like Adobe Reader, and add support across all relevant platforms for plugins like DivX Web Player. See supported checks for details.
3. Beta Browser Support: Qualys BrowserCheck now scans beta versions of browsers including Internet Explorer 9, Firefox 4, Chrome 9 and Opera 11. See supported browsers for details.
4. Zero-day Vulnerabilities: Sometimes a vulnerability exists, but there is no fix (yet) for it.  Qualys BrowserCheck now detects these zero-day vulnerabilities and points to any available advisories containing recommended workarounds. When the fix becomes available, BrowserCheck is updated to display the Fix-it Button with a link to the download containing the fix.
5. Easier Upgrades: Wherever possible, we are updating Fix It button links in the scan results to point directly to the download that fixes the vulnerable plugin or add-on, rather than the homepage for the plugin or add-on. This makes it easier to quickly upgrade and protect your browser from the vulnerability.

Thanks to the BrowserCheck users who have reported feedback or enhancements. Your input helps us identify areas of improvement, and have certainly been a factor in today’s release. We encourage you to continue letting us know how BrowserCheck is working for you.