The attacker can abuse this by placing a fake NSS config file and an NSS module in their namespace, which results in the helper loading the attacker-controlled code as root, Manizada says.

According to the engineer, the vulnerability can be resolved by considering key descriptions as legitimate only when CIFS uses its private spnego_cred, and by implementing user-space hardening to check that the key description is indeed kernel-generated.

Certain Linux Mint, CentOS, Rocky Linux, Kali Linux, AlmaLinux, and SLES SAP distributions that have cifs-utils installed by default are vulnerable. According to the researcher, some distros are vulnerable only if cifs-utils was manually installed.

Many Ubuntu, Fedora, CentOS, Rocky Linux, AlmaLinux, Oracle Linux, openSUSE, and SLES distros block the execution path by default, while Amazon Linux 2 KVM and Kali Linux 2019.4/2020.4 are not affected.

Major Linux distributions rolled out fixes for the security defect earlier this month. Manizada has published proof-of-concept (PoC) code to help defenders “validate patches, mitigations, detections, and exposure”.

Related: PoC Released for DirtyDecrypt Linux Kernel Vulnerability
Related: New Linux Kernel Vulnerability Fragnesia Allows Root Privilege Escalation
Related: New ‘Dirty Frag’ Linux Vulnerability Possibly Exploited in Attacks
Related: Exploitation of ‘Copy Fail’ Linux Vulnerability Begins


Ionut Arghire is an international correspondent for SecurityWeek.

Source: SecurityWeek