The Project Linux fixed a bug in the Kernel

The Project Linux fixed a bug in the Kernel

[vc_row type=”in_container” full_screen_row_position=”middle” scene_position=”center” text_color=”dark” text_align=”left” overlay_strength=”0.3″][vc_column column_padding=”no-extra-padding” column_padding_position=”all” background_color_opacity=”1″ background_hover_color_opacity=”1″ width=”2/3″ tablet_text_alignment=”default” phone_text_alignment=”default”]

The Linux development team has fixed a security flaw in the Linux kernel that can be exploited to get root level code execution privileges from a low privilege process.

The security flaw identified as CVE-2017-6074 was discovered by Google’s intern Andrey Konovalov using syzkaller, a security audit tool developed by Google.

The failure affects all released kernels in the last 11 years, according to Konovalov, the security vulnerability has affected all Linux kernels since version 2.6.14, released in October 2005, but only tested and confirmed in Versions since the 2.6.18 published in September of 2006.

The Google intern says that the problem was introduced into the kernel when the Linux team added support for the Datagram Congestion Control Protocol (DCCP) in version 2.6.14.

At the technical level, the flaw is a double-free vulnerability, a type of security flaw that occurs when an application frees the same memory address twice, which in some cases leads to memory errors.

This is exactly what happened this time, Konovalov found a way to exploit Linux DCCP support to execute code in the kernel from an unprivileged process. The technical details of the fault are presented in detail here and here.
Failure solved last week

The Linux security team repaired the flaw last week [1, 2] and the changes have already flowed to various Linux distributions, such as Ubuntu, which has already released the updates.

Konovalov said it will release exploit code as proof of concept, in a few days, so users have more time to upgrade their systems.
The Linux kernel lately plagued with old flaws

In recent months, the Linux project repaired several security holes that remained hidden for many years in the Linux kernel.

In December 2016, the Linux computer repaired CVE-2016-8655, a security flaw that was introduced in August 2011, which also allowed the attacker to gain root access.

In October 2016, the Linux computer repaired the much-discussed Dirty COW exploit, registered as CVE-2016-5195, which the researchers found to affect all versions of Linux released over the last nine years since 2007.

learn, learning, the best security practice, ethical hacking, IT, Admin, Administrator, Server, User, Kali Linux, Phone, Download, Blog, WordPress, Free, Lab, Pentest, Pentester

[/vc_column][vc_column column_padding=”no-extra-padding” column_padding_position=”all” background_color_opacity=”1″ background_hover_color_opacity=”1″ width=”1/3″ tablet_text_alignment=”default” phone_text_alignment=”default” offset=”vc_hidden-md vc_hidden-sm vc_hidden-xs”][image_with_animation image_url=”1888″ alignment=”center” animation=”Fade In” box_shadow=”none” max_width=”100%” delay=”300″][team_member image_url=”1722″ team_memeber_style=”meta_below” link_element=”none” color=”Accent-Color” name=”Daniel Morales” job_position=”Writer”][/vc_column][/vc_row][vc_row type=”full_width_background” full_screen_row_position=”middle” bg_color=”#f9f9f9″ scene_position=”center” text_color=”dark” text_align=”left” top_padding=”4%” bottom_padding=”3%” overlay_strength=”0.3″][vc_column column_padding=”no-extra-padding” column_padding_position=”all” background_color_opacity=”1″ background_hover_color_opacity=”1″ width=”1/1″ tablet_text_alignment=”default” phone_text_alignment=”default”][recent_posts style=”default” category=”all” columns=”3″ title_labels=”true” posts_per_page=”3″][/vc_column][/vc_row]

Share it:

Leave a Reply

Your email address will not be published. Required fields are marked *