Patch

Multiple Linux Distribution Local Privilege Escalation Vulnerability - CVE-2017-1000253

Updated

Campus Information Security Community,

At the end of September, 2017, researchers [1] created Proof of Concept (PoC) exploit code for a vulnerability that was previously classified as a minor bug in April 2015. This PoC code allows a Linux user to elevate their privileges to root and take complete control of the system. The vulnerability is caused by the Linux system allocating too little memory for a program, which results in overwriting the operating system’s sensitive memory area. The researchers initially identified the below Linux distributions as vulnerable, but there is a high likelihood that others are vulnerable as well:

  • All versions of CentOS 7 before 1708 (released on September 13, 2017)
  • All versions of Red Hat Enterprise Linux 7 before 7.4 (released on August 1, 2017) [2]
  • All versions of CentOS 6 and Red Hat Enterprise Linux 6 are exploitable [2]

The IT Security Office recommends that administrators verify whether their version of Linux is vulnerable, and patch as soon as reasonably possible.

 

References:

[1] https://www.qualys.com/2017/09/26/cve-2017-1000253/cve-2017-1000253.txt

[2] https://access.redhat.com/security/cve/cve-2017-1000253