2-Year-Old Linux Kernel Issue Resurfaces As High-Risk Flaw

in #technology7 years ago

xl-2017-linux-1.jpg

A bug in Linux kernel which has been discovered a couple of decades before, but wasn't considered a security hazard at that moment, it has now been recognized as a potential local privilege escalation flaw.

Identified as CVE-2017-1000253, the insect was originally detected by Google researcher " Michael Davidson "at April 2015.

As it wasn't recognized as a severe bug at that moment, the patch for this kernel defect wasn't back-ported to long-term Linux distributions from kernel 3.10.77.

But, researchers in Qualys Research Labs has now discovered that this vulnerability can be exploited to escalate privileges and it impacts all major Linux distributions, such as Red Hat, Debian, and CentOS.

The vulnerability, which was provided a CVSS3 Base rating of 7.8 out of 10, resides in the manner Linux kernel heaps ELF executables, which possibly leads to memory corruption.

Researchers discover that an unprivileged local user using SUID (or otherwise registered) Position Independent Executable (PIE) binary may use this vulnerability to escalate their privileges on the affected system.
To be able to mitigate this problem, users may change to the heritage nmap design by placing vm.legacy_va_layout to 1, which will effectively disable the manipulation of the security flaw.

Considering that the nmap allocations begin much lower from the process address space and stick to the bottom-up allocation model, "the initial PIE executable mapping is far from the reserved stack area and cannot interfere with the stack"

Qualys says that this defect isn't restricted to the PIEs whose read-write section is bigger than 128MB, that is the minimal space between the mmap_base along with the maximum address of the pile, not the smallest address of the pile.
Thus, when departure 1.5GB of debate strings to execve(), any PIE could be mapped directly beneath the stack and activate the vulnerability.

Linux distributions, such as Red Hat, Debian, and CentOS, have introduced security updates to deal with the vulnerability.
The Qualys group has promised to print a proof-of-concept shortly exploit that operates on CentOS-7 kernel versions "3.10.0-514.21.2. El7.x86_64," once a greatest amount of consumers have had the time to patch their systems against the defect.

For more information visit
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a87938b2e246b81b4fb713edb371a9fa3c5c3c86
https://www.qualys.com/2017/09/26/cve-2017-1000253/cve-2017-1000253.txt
https://access.redhat.com/security/cve/CVE-2017-1000253
https://security-tracker.debian.org/tracker/CVE-2017-1000253

#news #linux #bitcoin #highriskflaw
7 years ago in #technology by
$0.00
    2 votes
    Reply 1
    Sort:  
  • Trending
    • [-]
     7 years ago 

    if you like this post , Don't forget to follow

    Coin Marketplace

    STEEM 0.16
    TRX 0.15
    JST 0.029
    BTC 57730.16
    ETH 2445.18
    USDT 1.00
    SBD 2.34