Security experts have published the details and proof-of-concept exploits of an overflow vulnerability in the Linux kernel that could enable attackers to gain superuser access to the victim systems.
This vulnerability, discovered by security solutions provider Qualys, affects the kernel versions released from July 2007 all the way to July 2017, impacting the Red Hat Linux, CentOS, and many Debian distributions.
Nicknamed the “Mutagen Astronomy”, vulnerability registered as CVE-2018-14634, is a type of a privilege escalation, one of the most problematic issues with operating systems as a whole—and it exists in the Linux kernel’s create_elf_tables() function that is charged with operating of the memory tables.
To exploit this vulnerability, attackers need to have access to the victim system and run the exploit that leads to a buffer overflow, which will in all cases result in the execution of code that gives the attacker complete control over the affected system.
“Our proof-of-concept (poc-exploit.c) exploits the integer overflow in create_elf_tables() and the resulting lack of UNSECURE_ENVVARS filtering in ld.so: it executes the main() of a SUID-root binary (poc-suidbin.c) while LD_LIBRARY_PATH remains set, even though it should have been removed from the environment variables by ld.so. Demonstration:” Qualys Security Advisory explained in more detail.
“This issue does not affect 32-bit systems as they do not have a large enough address space to exploit this flaw. Systems with less than 32GB of memory are unlikely to be affected by this issue due to memory demands during exploitation,” an advisory released by Red Hat confirms.
“Only kernels with commit b6a2fea39318 (“mm: variable length argument support,” from July 19, 2007) but without commit da029c11e6b1 (“exec: Limit arg stack to at most 75% of _STK_LIM”, from July 7, 2017) are exploitable,” the Qualys advisory expalins.
Qualys reported the vulnerability to Red Hat on August 31, 2018, and to Linux kernel developers on September 18, 2018. Red Hat, assigned the flaw as “important” with a CVSS score of 7.8 (high severity), has started releasing security updates that address the issue.
Qualys security experts have also released both technical details and proof-of-concept (PoC) exploits (Exploit 1, Exploit 2) for the vulnerability publicly.