A new serious problem has been discovered to affect the Linux operating system, the bug is known as the Linux Mutagen Astronomy vulnerability and assigned the CVE-2018-14634 advisory. The security team that reported it has posted a proof-of-concept code that shows that major distributions are impacted.
The Linux Mutagen Astronomy Vulnerability Is Tracked in CVE-2018-14634
A new dangerous bug has been found in the Linux operating system, the security team that reported the problem has posted a proof-of-concept code that shows that major distributions are affected. At the moment it is confirmed that CentOS and the Red Hat Enterprise Linux (RHEL) systems are affected. The team behind the discovery states that this is a type of a local privilege escalation issue which is one of the most common issues with operating systems as a whole.
To exploit it successfully the attackers will need to have access to the systems, the dangerous code has shown that the bug allows them to gain root access thereby achieving total control of the affected devices. This is possible due to an issue in the function of the Linux kernel that operates the memory tables. The dangerous code will lead to a buffer overflow which will result in the execution of malicious code. The vulnerability was found in commits between July 19 2007 and July 7 2017.
According to the team technically all Linux kernels are vulnerable to this instance however in most cases the issue is mitigated by a patch that has been backported to most long-term kernels. Still two distributions have been found to be still affected by it — CentOS and Red Hat Enterprise Linux. They have confirmed this in a statement and are working on a patch to address the vulnerability. It is possible that other major distributions may also be affected as well as their derivatives.
The security team reveals that the problem does not affect 32-bit systems and computers with less than 32GB of memory are unlikely to be affected by it. The reason for this is the fact that the exploitation has been found to be very demanding on the memory resources. This issue does not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5.
The CVE-2018-14634 advisory descriptions is the following:
An integer overflow flaw was found in the Linux kernel’s create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable.
Until a patch is released Red Hat Enterprise Linux customers can apply a temporary mitigation which is available on this customer portal page.
Martin Beltov
Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.
Follow Me: