Multiple Linux Distribution Local Privilege Escalation Vulnerability - CVE-2017-1000253


Campus Information Security Community,

At the end of September 2017, researchers [1] published Proof of Concept (PoC) exploit code for a vulnerability that had been classified as a minor bug when it was first reported in April 2015. The PoC code allows a local Linux user to elevate their privileges to root and take complete control of the system. The vulnerability is caused by the Linux kernel reserving too little memory when it loads a program, so that the program's data can overwrite a sensitive area of the operating system's memory. The researchers initially identified the Linux distributions below as vulnerable, but there is a high likelihood that others are vulnerable as well:

  • All versions of CentOS 7 before 1708 (released on September 13, 2017)
  • All versions of Red Hat Enterprise Linux 7 before 7.4 (released on August 1, 2017) [2]
  • All versions of CentOS 6 and Red Hat Enterprise Linux 6 are exploitable [2]

The IT Security Office recommends that administrators verify whether their version of Linux is vulnerable, and patch as soon as reasonably possible.
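As an added example (not part of this advisory), the following POSIX shell check classifies a Red Hat style release string against the version ranges listed above. It assumes the host records its release in /etc/redhat-release, as CentOS and Red Hat Enterprise Linux do:

```shell
#!/bin/sh
# Added example, not from the advisory: map a CentOS / RHEL release string
# onto the affected ranges listed above.
# Prints one word: "vulnerable", "patched" or "unknown".

classify_release() {
    rel="$1"
    # Pull out the dotted version that follows the word "release",
    # e.g. "7.3.1611" from "CentOS Linux release 7.3.1611 (Core)".
    ver=$(printf '%s\n' "$rel" | sed -n 's/.*release \([0-9][0-9.]*\).*/\1/p')
    # Split the version on dots; missing fields default to 0.
    oldifs=$IFS; IFS=.
    set -- $ver
    IFS=$oldifs
    major=${1:-0}; minor=${2:-0}; build=${3:-0}

    case "$rel" in
        *CentOS*|*"Red Hat Enterprise Linux"*) ;;
        *) echo unknown; return 0 ;;   # not a distribution this check covers
    esac

    case "$major" in
        6) echo vulnerable ;;          # every 6.x release is listed as exploitable
        7)
            if [ "$minor" -ge 4 ]; then
                case "$rel" in
                    *CentOS*)
                        # CentOS 7 carries a build tag; 7.4.1708 is the first fixed release
                        if [ "$minor" -gt 4 ] || [ "$build" -ge 1708 ]; then
                            echo patched
                        else
                            echo vulnerable
                        fi ;;
                    *) echo patched ;;  # RHEL 7.4 and later
                esac
            else
                echo vulnerable
            fi ;;
        *) echo unknown ;;
    esac
}

# Classify the local host when the release file is present.
if [ -r /etc/redhat-release ]; then
    classify_release "$(cat /etc/redhat-release)"
fi
```

The release string only shows which point release was installed, so treat "patched" as a first pass; on a RHEL or CentOS host, `rpm -q --changelog kernel | grep CVE-2017-1000253` confirms whether the installed kernel package actually carries the fix, and `uname -r` shows whether that kernel is the one running.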