A privilege escalation vulnerability had gone unnoticed in the Linux kernel for years until a Palo Alto Networks researcher discovered it last week.
Assigned CVE-2020-14386, the memory corruption flaw in the kernel's AF_PACKET socket code can be exploited by an unprivileged local user to gain root privileges on Linux systems.
“A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity,” reads the vulnerability’s official NVD description.
Or Cohen of Palo Alto Networks has been credited with discovering the vulnerability.
In a blog post for the company’s Unit42 blog, Cohen stated:
“Specifically, in order for the vulnerability to be triggerable, we need the kernel to have `AF_PACKET` sockets enabled (`CONFIG_PACKET=y`) and the `CAP_NET_RAW` privilege for the triggering process, which can be obtained in an unprivileged user namespace if user namespaces are enabled (`CONFIG_USER_NS=y`) and accessible to unprivileged users.”
“Surprisingly, this long list of constraints is satisfied by default in some distributions, like Ubuntu,” continued Cohen.
According to Cohen, similar vulnerabilities have been reported in the past:
“A few years ago, several vulnerabilities were discovered in packet sockets (CVE-2017-7308 and CVE-2016-8655), and there are some publications, such as this one in the Project Zero blog and this in Openwall, which give some overview of the main functionality,” he said in the post.
Those earlier fixes addressed different bugs in the same packet socket code: CVE-2020-14386 is a separate arithmetic error that survived them, and Cohen provided a proof-of-concept (PoC) exploit to demonstrate it.
The researcher also proposed the patch that resolves the bug; the fix is included in kernel 5.9-rc4 and later.
“I was surprised that such simple arithmetic security issues still exist in the Linux kernel and haven’t been previously discovered,” said Cohen.
“Also, unprivileged user namespaces expose a huge attack surface for local privilege escalation, so distributions should consider whether they should enable them or not,” the researcher concluded.
Cohen’s thorough technical findings are provided in the blog post.