[ntp:security] Fwd: [t-ops] Current stack clash vulnerability in many systems

Harlan Stenn stenn at nwtime.org
Mon Jun 19 23:26:11 UTC 2017




-------- Forwarded Message --------
Return-Path: <t-ops-owner at lists.nwtime.org>
X-Original-To: stenn at nwtime.org
Delivered-To: stenn at nwtime.org
Received: from localhost (localhost [127.0.0.1]) by chessie.everett.org
(Postfix) with SMTP id B25F8B87E for <stenn at nwtime.org>; Mon, 19 Jun
2017 22:57:27 +0000 (UTC)
Received: from whitealder.osuosl.org (smtp1.osuosl.org
[140.211.166.138]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA
(256/256 bits)) (No client certificate requested) by chessie.everett.org
(Postfix) with ESMTPS id 945FBB87A; Mon, 19 Jun 2017 22:57:26 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1]) by
whitealder.osuosl.org (Postfix) with ESMTP id 5526D84219; Mon, 19 Jun
2017 22:57:26 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost
(.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id
gofP7Ilo0KqK; Mon, 19 Jun 2017 22:57:25 +0000 (UTC)
Received: from rt.ntfo.org (mail.ntf.osuosl.org [140.211.15.172]) by
whitealder.osuosl.org (Postfix) with ESMTP id 4761C841FA; Mon, 19 Jun
2017 22:57:25 +0000 (UTC)
Received: by rt.ntfo.org (Postfix, from userid 497) id 4A2FC37B9A; Mon,
19 Jun 2017 22:57:24 +0000 (UTC)
Received: from mail2.sol.net (mail2.sol.net [206.55.64.73]) by
rt.ntfo.org (Postfix) with ESMTP id 4049937AA6 for
<t-ops at lists.nwtime.org>; Mon, 19 Jun 2017 22:57:21 +0000 (UTC)
Received: from aurora.sol.net (IDENT:jgreco at aurora.sol.net
[206.55.70.98]) by mail2.sol.net (8.15.2/8.15.2/SNNS-2.01) with ESMTPS
id v5JMvJIc025125 (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256
verify=NO) for <t-ops at lists.nwtime.org>; Mon, 19 Jun 2017 18:57:20 -0400
(EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ns.sol.net;
s=mail; t=1497913040; bh=8RNE+oxV1tJZIfRd5ra8voTarf0z3N9bkhTv4pNmhOY=;
h=Date:From:To:Subject:Message-ID:Mime-Version:Content-Type;
b=aTaLL48+ZKGpEVcxiM3fK+nz/pwI6gHeLPXRlg4xTC2VM0gcg0iGdxdFNbRnf+Mzk
tBrqU9MlgJASpVpI4nrM2Snm2L+iniMIySwkcbgj/FvUMxL2n5AUahur63FikPkW4N
ZZWto4clrGLkJLhlgm5ID/pkQgbAWg/KgTfDGrwY=
Received: (from jgreco at localhost) by aurora.sol.net
(8.14.3/8.14.3/Submit) id v5JMvJrH010238 for t-ops at lists.nwtime.org;
Mon, 19 Jun 2017 17:57:19 -0500 (CDT)
Date: Mon, 19 Jun 2017 17:57:19 -0500
From: Joe Greco <jgreco at ns.sol.net>
To: t-ops at lists.nwtime.org
Message-ID: <20170619225719.GB57299 at ns.sol.net>
Mail-Followup-To: t-ops at lists.nwtime.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4.2.3i
Organization: sol.net Network Services - Milwaukee, WI
Subject: [t-ops] Current stack clash vulnerability in many systems
Reply-To: t-ops at lists.nwtime.org
X-Loop: t-ops at lists.nwtime.org
X-Sequence: 2266
Errors-to: t-ops-owner at lists.nwtime.org
Precedence: list
Precedence: bulk
Sender: t-ops-request at lists.nwtime.org
X-no-archive: yes
List-Id: <t-ops.lists.nwtime.org>
List-Help: <mailto:sympa at lists.nwtime.org?subject=help>
List-Subscribe: <mailto:sympa at lists.nwtime.org?subject=subscribe%20t-ops>
List-Unsubscribe:
<mailto:sympa at lists.nwtime.org?subject=unsubscribe%20t-ops>
List-Post: <mailto:t-ops at lists.nwtime.org>
List-Owner: <mailto:t-ops-request at lists.nwtime.org>
List-Archive: <http://lists.nwtime.org/sympa/arc/t-ops>
X-DSPAM-Result: Innocent
X-DSPAM-Processed: Mon Jun 19 22:57:27 2017
X-DSPAM-Confidence: 0.9899
X-DSPAM-Improbability: 1 in 9809 chance of being spam
X-DSPAM-Probability: 0.0000
X-DSPAM-Signature: 3974,594856d713864419819583

https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt

This looks awesome.

... JG
-- 
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and]
then I
won't contact you again." - Direct Marketing Ass'n position on e-mail
spam(CNN)
With 24 million small businesses in the US alone, that's way too many
apples.



More information about the security mailing list