[vc_row type=”in_container” full_screen_row_position=”middle” scene_position=”center” text_color=”dark” text_align=”left” overlay_strength=”0.3″][vc_column column_padding=”no-extra-padding” column_padding_position=”all” background_color_opacity=”1″ background_hover_color_opacity=”1″ width=”2/3″ tablet_text_alignment=”default” phone_text_alignment=”default”]
The Linux development team has fixed a security flaw in the Linux kernel that can be exploited to get root level code execution privileges from a low privilege process.
The failure affects all released kernels in the last 11 years, according to Konovalov, the security vulnerability has affected all Linux kernels since version 2.6.14, released in October 2005, but only tested and confirmed in Versions since the 2.6.18 published in September of 2006.
The Google intern says that the problem was introduced into the kernel when the Linux team added support for the Datagram Congestion Control Protocol (DCCP) in version 2.6.14.
At the technical level, the flaw is a double-free vulnerability, a type of security flaw that occurs when an application frees the same memory address twice, which in some cases leads to memory errors.
This is exactly what happened this time, Konovalov found a way to exploit Linux DCCP support to execute code in the kernel from an unprivileged process. The technical details of the fault are presented in detail here and here.
Failure solved last week
The Linux security team repaired the flaw last week [1, 2] and the changes have already flowed to various Linux distributions, such as Ubuntu, which has already released the updates.
Konovalov said it will release exploit code as proof of concept, in a few days, so users have more time to upgrade their systems.
The Linux kernel lately plagued with old flaws
In recent months, the Linux project repaired several security holes that remained hidden for many years in the Linux kernel.
In December 2016, the Linux computer repaired CVE-2016-8655, a security flaw that was introduced in August 2011, which also allowed the attacker to gain root access.
In October 2016, the Linux computer repaired the much-discussed Dirty COW exploit, registered as CVE-2016-5195, which the researchers found to affect all versions of Linux released over the last nine years since 2007.
learn, learning, the best security practice, ethical hacking, IT, Admin, Administrator, Server, User, Kali Linux, Phone, Download, Blog, WordPress, Free, Lab, Pentest, Pentester