Linux kernel security serious bug issue fixed
Some bug issues just refuse to leave us and come back to bite. An old local privilege escalation Linux escalation kernel CVE-2017-1000253. The Linux kernel loaded Executable and Linkable Format (ELF) executables.
The problem is now if the ELF application is built as Position Independent Executable (PIE), the loader could allow a part of application’ s data segment to map the memory area reserved for stack. This would ultimately cause memory corruption. By then, the unprivileged local user with access to Set Owner User ID (SUID) could gain higher level user privileges.
Qualys, a security company found out a way to reduce the escalation of the bug. By destroying the PIE’ s dynamic section with a stack-based string operation and did a force attacker to the dynamic linker to load and execute own shared library.
This bug is considered to be dangerous because it could give an ordinary user, super-user privileges and may cause havoc on the system. This bug was patched on April 14, 2015 and again it has reared its ugly head because it lived on in long-term support versions of Linux.
Qualys urged the Linux administrators and users to patch up and update the Linux as soon as possible.
Comments ( 0 )
No comments available