Campus Information Security Community,
At the end of September 2017, researchers [1] published Proof of Concept (PoC) exploit code for a vulnerability that had previously been classified as a minor bug in April 2015. The PoC allows a Linux user to elevate their privileges to root and take complete control of the system. The vulnerability is caused by the Linux kernel allocating too little memory when it loads a program, so that the program's data overwrites a sensitive area of operating-system memory. The researchers initially identified the Linux distributions below as vulnerable, but others are likely to be vulnerable as well:
- All versions of CentOS 7 before 1708 (released on September 13, 2017)
- All versions of Red Hat Enterprise Linux 7 before 7.4 (released on August 1, 2017) [2]
- All versions of CentOS 6 and Red Hat Enterprise Linux 6 [2]
The IT Security Office recommends that administrators verify whether their version of Linux is vulnerable and patch as soon as reasonably possible.
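As an added example (not part of this advisory), the script below triages a RHEL or CentOS host against the releases listed above: it classifies the /etc/redhat-release string using the advisory's thresholds and, on a live host, checks the installed kernel's RPM changelog for the CVE. The release-string formats and the changelog convention are assumed from standard RHEL/CentOS packaging; the sample strings are constructed.

```shell
#!/bin/sh
# Added example (not part of the advisory): triage a RHEL/CentOS host for
# CVE-2017-1000253. Thresholds come from the advisory (RHEL 7.4 and CentOS
# 7.4.1708 fixed, every 6.x release affected); the /etc/redhat-release
# string format is assumed to follow the usual vendor convention.

# Print "vulnerable", "patched" or "unknown" for one /etc/redhat-release line.
classify_release() {
    rel="$1"
    case "$rel" in
        CentOS*|"Red Hat Enterprise Linux"*) ;;
        *) echo unknown; return ;;
    esac
    # First "major.minor" pair in the string, e.g. "7.3" from "7.3.1611 (Core)".
    ver=$(printf '%s\n' "$rel" | sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    [ -n "$ver" ] || { echo unknown; return; }
    major=${ver%%.*}
    minor=${ver#*.}
    case "$major" in
        6) echo vulnerable ;;   # advisory: all CentOS/RHEL 6 releases exploitable
        7) if [ "$minor" -ge 4 ]; then echo patched; else echo vulnerable; fi ;;
        *) echo unknown ;;      # release not covered by the advisory
    esac
}

# Authoritative check on a live host: the vendor kernel changelog cites the
# CVE once the backport is in. A release-string check alone misses a host
# that took only a kernel update, so run both.
kernel_has_fix() {
    rpm -q --changelog kernel 2>/dev/null | grep -q 'CVE-2017-1000253'
}

if [ -r /etc/redhat-release ]; then
    rel=$(cat /etc/redhat-release)
    echo "$rel -> $(classify_release "$rel")"
    if kernel_has_fix; then
        echo "kernel changelog references CVE-2017-1000253: fix present"
    else
        echo "no CVE-2017-1000253 entry in kernel changelog: check vendor errata"
    fi
else
    # Constructed sample strings so the example runs off a RHEL/CentOS host.
    for s in "CentOS Linux release 7.3.1611 (Core)" \
             "CentOS Linux release 7.4.1708 (Core)" \
             "Red Hat Enterprise Linux Server release 6.9 (Santiago)" \
             "Red Hat Enterprise Linux Server release 7.4 (Maipo)" \
             "Ubuntu 16.04.3 LTS"; do
        echo "$s -> $(classify_release "$s")"
    done
fi
```

A "patched" verdict from the release string only means the base release shipped with the fix; the changelog check is what confirms the kernel actually running has it.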
References:
[1] https://www.qualys.com/2017/09/26/cve-2017-1000253/cve-2017-1000253.txt