​Serious Linux kernel security bug fixed

Sometimes old fixed bugs come back to bite us. That’s the case with CVE-2017-1000253, a Local Privilege Escalation Linux kernel bug.

This is a problem with how the Linux kernel loaded Executable and Linkable Format (ELF) executables.

If an ELF application was built as Position Independent Executable (PIE), the loader could allow part of that application’s data segment to map over the memory area reserved for its stack.

This could cause memory corruption. Then, an otherwise unprivileged local user with access to a Set owner User ID (SUID) or otherwise privileged flawed PIE binary, could gain higher-level user privileges.

Qualys, a security company, worked out a way to exploit this hole. By smashing the PIE’s .dynamic section with a stack-based string operation, they found they could force the ld.so dynamic linker to load and execute their own shared library.

This security hole may sound complicated, but it’s relatively easy to exploit. Since it could give an ordinary user super-user privileges it’s potentially very dangerous.

This bug, and its fix, are actually old. It was first uncovered in 2015 by Michael Davidson, a Google software engineer. It was fixed in the 4.0 Linux kernel. To be exact, Davidson repaired the kernel bug with a patch committed on April 14, 2015.

What neither Davidson, nor anyone, realized at the time was that what appeared to be a minor bug could be exploited.

Since the bug was patched over two years ago, you might be wondering, “Why does this matter?”

The problem is that the bug lived on in long-term support (LTS) versions of Linux, which are often used in server Linux distributions.

In particular, Qualys found that “All versions of CentOS 7 before 1708 (released on September 13, 2017), all versions of Red Hat Enterprise Linux 7 before 7.4 (released on August 1, 2017), and all versions of CentOS 6 and Red Hat Enterprise Linux 6 are exploitable.”

The bug is also present in Debian-based Linux distributions.

If you’re running an up-to-date Linux desktop, you have nothing to worry about. These use modern kernels rather than LTS kernels.

With a Common Vulnerability Scoring System, version 3 (CVSSv3) severity score of 7.8, system admins should patch the bug as soon as possible.

Since the major Linux distributors were aware of the security hole before it was announced, all a system administrator needs to do is their usual package management program to patch the kernel or install a patched kernel, and reboot.

ABOUT THE AUTHOR

Leave a Reply

Your email address will not be published. Required fields are marked *

itechnewsonline.com offers clients the ability to target marketing campaigns that are web-only. These ad opportunities will give your products and services high exposure of our web users. For more information on how we can assist you in developing a program that will help you meet your marketing needs and objectives

ITECHNEWS ONLINE
P .O. Box KN 4057
Kaneshie, Accra
Ghana / West Africa
Call: 0302219093
Email: info@itechnewsonline.com

Newsletter

Saratoga Springs
90°
clear sky
humidity: 24%
wind: 9mph N
H 95 • L 67
88°
Sun
91°
Mon
91°
Tue
85°
Wed
85°
Thu
Weather from OpenWeatherMap