23rd of March 2017




Researchers find seven-year-old Linux flaw

An old vulnerability has just been discovered in the Linux kernel, potentially allowing hackers to escalate privileges or cause a denial of service. The vulnerability was quickly fixed and there have been no signs of it being exploited in the wild, although that does not necessarily mean it went unnoticed.

According to Positive Technologies expert Alexander Popov, the CVE-2017-2636 vulnerability is seven years old and has affected the majority of popular Linux distributions, including RHEL 6/7, Fedora, SUSE, Debian, and Ubuntu.

Alexander Popov found a “race condition in the n_hdlc driver that leads to double-freeing of kernel memory, which can be exploited for privilege escalation in the operating system”. 

Positive Technologies evaluated the vulnerability as dangerous, with a CVSS v3 score of 7.8.

“The vulnerability is old, so it is widespread across Linux workstations and servers,” notes Alexander Popov. “To automatically load the flawed module, an attacker needs only unprivileged user rights. Additionally, the exploit doesn't require any special hardware.”

The flaw, which was introduced on June 22, 2009, was revealed during system call testing with the syzkaller fuzzer. It was reported to kernel.org on February 28 this year and was officially patched on March 7.

“The bug can also be mitigated manually with special rules that block kernel modules from loading,” the security researchers added.
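
The article does not give the text of such a rule. As an added example (not from the article or from Positive Technologies), the script below checks modprobe configuration for a rule that stops `n_hdlc` from loading; the rule form `install n_hdlc /bin/true`, the function names and the directory list are assumptions.

```shell
#!/bin/sh
# Added example: report whether the n_hdlc module is blocked from loading.

# Print how the *.conf files in directory $1 treat module $2:
#   install-override  "install <mod> /bin/true" (or .../false) makes every load a no-op
#   blacklist-only    only "blacklist" is set; "modprobe <mod>" by name still loads it
#   none              no rule for the module
modprobe_rule() {
    result=none
    for f in "$1"/*.conf; do
        [ -f "$f" ] || continue
        # '|| [ -n "$kw" ]' keeps a final line that lacks a trailing newline.
        while read -r kw name cmd rest || [ -n "$kw" ]; do
            # modprobe treats "-" and "_" in module names as the same character.
            [ "$(printf '%s' "$name" | tr - _)" = "$2" ] || continue
            case "$kw $cmd" in
                "install "*/true|"install "*/false) echo install-override; return 0 ;;
                "blacklist "*) result=blacklist-only ;;
            esac
        done < "$f"
    done
    echo "$result"
}

# Succeed if module $2 is listed in the /proc/modules-style file $1.
module_loaded() {
    while read -r name rest; do
        [ "$name" = "$2" ] && return 0
    done < "$1"
    return 1
}

# Audit the running host; directories are the usual modprobe.d(5) locations.
audit_host() {
    module_loaded /proc/modules n_hdlc &&
        echo "n_hdlc is loaded now; a rule only affects later loads"
    for d in /etc/modprobe.d /run/modprobe.d /lib/modprobe.d; do
        [ -d "$d" ] && echo "$d: $(modprobe_rule "$d" n_hdlc)"
    done
    return 0
}

if [ "${1:-}" = "--host" ]; then audit_host; fi
```

Run it with `--host` on the machine being checked. A result of `none` or `blacklist-only` on an unpatched kernel means the module can still be loaded.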

Image Source: Profit_Image / Shutterstock
