The flaw allowed a local unprivileged user to obtain superuser (root) rights on the system

A dangerous privilege-escalation vulnerability in the Linux kernel, found more than two years ago, has finally been eliminated from distribution kernels. The problem was discovered by Google engineer Michael Davidson in April 2015 and was fixed in Linux 4.0 (commit a87938b2e246, "fs/binfmt_elf.c: fix bug in loading of PIE binaries"). The kernel developers backported the patch to the older 3.x branches with the release of Linux 3.10.77, but because the vulnerability was not considered a serious security threat at the time, the fix was not carried over to the LTS (Long Term Support) branches and to the kernel packages of some distributions.
According to Qualys Research Labs, the vulnerability affects all versions of CentOS 7 before 1708, all versions of Red Hat Enterprise Linux 7 before 7.4, and all versions of CentOS 6 and Red Hat Enterprise Linux 6. A quick way to check a kernel tree is to look for that commit (or for the total_mapping_size() helper it introduced in fs/binfmt_elf.c); a distribution kernel that lacks it but is otherwise patched will usually carry the fix under the CVE number in its changelog.

The vulnerability was assigned CVE-2017-1000253 and rated 7.8 on the CVSSv3 scale. The problem lies in the kernel's ELF loader (load_elf_binary() in fs/binfmt_elf.c) and allows a local user to obtain superuser rights. The essence of the bug: when an executable built in PIE mode (Position Independent Executable) was loaded with address-space randomization enabled, the kernel reserved address space only for the first PT_LOAD segment and let mmap() place that segment at the top of the mmap area, directly below the stack's guard gap; the remaining segments were then mapped at fixed offsets from that base without checking what already occupied those addresses. If the data segment is large enough (Qualys puts the threshold at more than 128 MB), part of it lands on the memory region allocated for the stack, resulting in memory corruption. An attacker can exploit this to escalate privileges by targeting SUID executables on the system that were built as PIE. Qualys notes that, on kernels that cannot be updated immediately, setting the sysctl vm.legacy_va_layout to 1 (which switches to the bottom-up legacy mmap layout) mitigates the problem.
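To make the placement logic concrete, the following C program is an added example, not code from the kernel, Red Hat or the Qualys advisory. It parses a constructed ELF64 image, computes the span the 4.0 fix reserves before mapping anything (total_mapping_size(), modelled on the kernel helper of the same name), the size the pre-fix loader asked mmap() for (first PT_LOAD only), and simulates top-down placement below an assumed mmap_top with an assumed 128 MiB stack gap. MMAP_TOP, STACK_GAP, the sample program headers and the function names pie_hits_stack(), image_end() and first_load_size() are assumptions made for the simulation.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Minimal ELF64 definitions in the standard layout, local so that the
 * example does not depend on <elf.h>. */
#define ET_DYN    3
#define PT_LOAD   1
#define PAGE_SIZE 4096ULL
#define ELF_PAGESTART(a) ((a) & ~(PAGE_SIZE - 1))
typedef struct {
    unsigned char e_ident[16]; uint16_t e_type, e_machine; uint32_t e_version;
    uint64_t e_entry, e_phoff, e_shoff; uint32_t e_flags;
    uint16_t e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx;
} Ehdr;
typedef struct {
    uint32_t p_type, p_flags;
    uint64_t p_offset, p_vaddr, p_paddr, p_filesz, p_memsz, p_align;
} Phdr;
#define MAX_PHDRS 8
typedef struct { int pie; int nr; Phdr ph[MAX_PHDRS]; } Image;

/* Read e_type and the program headers of an ELF64 image, bounds-checking
 * every access. Returns 0 on success, -1 on a malformed image. */
int parse_image(const unsigned char *buf, size_t len, Image *out)
{
    Ehdr eh;
    if (len < sizeof eh) return -1;
    memcpy(&eh, buf, sizeof eh);
    if (memcmp(eh.e_ident, "\x7f" "ELF", 4) != 0 || eh.e_ident[4] != 2) return -1;
    if (eh.e_phentsize != sizeof(Phdr) || eh.e_phnum > MAX_PHDRS) return -1;
    if (eh.e_phoff > len || (uint64_t)eh.e_phnum * sizeof(Phdr) > len - eh.e_phoff) return -1;
    out->pie = (eh.e_type == ET_DYN);
    out->nr = eh.e_phnum;
    memcpy(out->ph, buf + eh.e_phoff, (size_t)eh.e_phnum * sizeof(Phdr));
    return 0;
}

/* Span from the page start of the first PT_LOAD to the end of the last one:
 * the amount the fixed loader reserves before placing any segment. */
uint64_t total_mapping_size(const Phdr *cmds, int nr)
{
    int i, first = -1, last = -1;
    for (i = 0; i < nr; i++)
        if (cmds[i].p_type == PT_LOAD) { last = i; if (first == -1) first = i; }
    if (first == -1) return 0;
    return cmds[last].p_vaddr + cmds[last].p_memsz - ELF_PAGESTART(cmds[first].p_vaddr);
}

/* Size of the first PT_LOAD alone: all the pre-fix loader asked mmap() for. */
uint64_t first_load_size(const Phdr *cmds, int nr)
{
    for (int i = 0; i < nr; i++)
        if (cmds[i].p_type == PT_LOAD)
            return cmds[i].p_vaddr + cmds[i].p_memsz - ELF_PAGESTART(cmds[i].p_vaddr);
    return 0;
}

/* Simulated top-down placement: `reserve` bytes are handed out directly below
 * mmap_top, the rest of the image is MAP_FIXED relative to that base.
 * Returns the end address of the whole image. */
uint64_t image_end(uint64_t mmap_top, uint64_t reserve, const Phdr *cmds, int nr)
{
    uint64_t load_bias = ELF_PAGESTART(mmap_top - reserve);
    return load_bias + total_mapping_size(cmds, nr);
}

/* Constructed sample: a two-segment PIE, 4 KiB of text at vaddr 0 and a data
 * segment at vaddr 0x200000 with p_memsz = data_memsz. Only headers are
 * emitted; segment contents do not matter for placement. */
size_t build_sample_pie(unsigned char *buf, size_t cap, uint64_t data_memsz)
{
    Ehdr eh; Phdr ph[2];
    if (cap < sizeof eh + sizeof ph) return 0;
    memset(&eh, 0, sizeof eh); memset(ph, 0, sizeof ph);
    memcpy(eh.e_ident, "\x7f" "ELF", 4);
    eh.e_ident[4] = 2; eh.e_ident[5] = 1; eh.e_ident[6] = 1; /* 64-bit, LE, v1 */
    eh.e_type = ET_DYN; eh.e_machine = 62 /* EM_X86_64 */; eh.e_version = 1;
    eh.e_ehsize = sizeof eh; eh.e_phoff = sizeof eh; eh.e_phentsize = sizeof(Phdr); eh.e_phnum = 2;
    ph[0].p_type = PT_LOAD; ph[0].p_flags = 5; ph[0].p_filesz = ph[0].p_memsz = 0x1000; ph[0].p_align = 0x1000;
    ph[1].p_type = PT_LOAD; ph[1].p_flags = 6; ph[1].p_offset = 0x1000; ph[1].p_vaddr = 0x200000;
    ph[1].p_filesz = 0x1000; ph[1].p_memsz = data_memsz; ph[1].p_align = 0x1000;
    memcpy(buf, &eh, sizeof eh); memcpy(buf + sizeof eh, ph, sizeof ph);
    return sizeof eh + sizeof ph;
}

/* Load the sample under the old (use_fix == 0) or fixed (use_fix == 1)
 * reservation policy; 1 if the image would extend into the stack region,
 * assumed to start STACK_GAP bytes above MMAP_TOP (both values assumed). */
#define MMAP_TOP  0x7f1234000000ULL
#define STACK_GAP (128ULL << 20)
int pie_hits_stack(uint64_t data_memsz, int use_fix)
{
    unsigned char buf[512]; Image img;
    size_t len = build_sample_pie(buf, sizeof buf, data_memsz);
    if (len == 0 || parse_image(buf, len, &img) != 0 || !img.pie) return 0;
    uint64_t reserve = use_fix ? total_mapping_size(img.ph, img.nr) : first_load_size(img.ph, img.nr);
    return image_end(MMAP_TOP, reserve, img.ph, img.nr) > MMAP_TOP + STACK_GAP;
}

int main(void)
{
    printf("129 MiB data, old loader:   %s\n", pie_hits_stack(129ULL << 20, 0) ? "overlaps stack" : "ok");
    printf("129 MiB data, fixed loader: %s\n", pie_hits_stack(129ULL << 20, 1) ? "overlaps stack" : "ok");
    printf("4 KiB data, old loader:     %s\n", pie_hits_stack(0x1000, 0) ? "overlaps stack" : "ok");
    return 0;
}
```

With the old policy the image end grows with the data segment while the base stays pinned just below mmap_top, so once the data segment exceeds the gap the image runs into the stack; with the fix the whole span is reserved first, so the image always ends at or below mmap_top regardless of its size. The 128 MiB figure here is the simulation's assumed minimum gap, not a measurement of any real system.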
