A flaw has been found in the way the Linux kernel loads ELF files.
Provided that an application was built as Position Independent Executable (PIE), the loader could allow part of that application’s data segment to map over the memory area reserved for its stack. This can result in memory corruption and possible privilege escalation.
Red Hat and Debian are affected by the CVE-2017-1000253 vulnerability, which was discovered by cloud security firm Qualys.
Red Hat warned: “An unprivileged local user with access to SUID (or otherwise privileged) PIE binary could use this flaw to escalate their privileges on the system.”
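Because the flaw is only reachable through a privileged PIE binary, a useful first triage step for administrators is to list which set-uid or set-gid executables on a host are actually built as PIE. The script below is an added example (not from Red Hat, Qualys or the kernel advisory): it reads the ELF header directly, where a PIE is recorded as type ET_DYN (e_type 3) rather than ET_EXEC (e_type 2), and pairs that with the file mode bits. The directory list and the constructed headers used for offline testing are assumptions for illustration.

```python
"""Inventory helper (added example): find set-uid/set-gid binaries that are PIE.

CVE-2017-1000253 is reached through a SUID (or otherwise privileged) PIE binary,
so listing such binaries shows which programs' exposure depends on the kernel fix.
A PIE is an ELF file of type ET_DYN (e_type == 3); a classic executable is
ET_EXEC (e_type == 2). e_type sits at offset 16 in both ELF32 and ELF64 headers.
"""
import os
import stat
import struct

ELF_MAGIC = b"\x7fELF"
ET_EXEC = 2
ET_DYN = 3


def elf_type(header: bytes):
    """Return the ELF e_type of a file header, or None if the bytes are not ELF.

    EI_DATA (byte 5 of e_ident) gives the byte order of the remaining fields:
    1 = little-endian, 2 = big-endian.
    """
    if len(header) < 18 or header[:4] != ELF_MAGIC:
        return None
    endian = "<" if header[5] == 1 else ">"
    return struct.unpack(endian + "H", header[16:18])[0]


def is_pie(header: bytes) -> bool:
    """True when the header describes a position-independent executable."""
    return elf_type(header) == ET_DYN


def is_setuid_or_setgid(mode: int) -> bool:
    """True when either the set-uid or set-gid bit is present in a file mode."""
    return bool(mode & (stat.S_ISUID | stat.S_ISGID))


def find_privileged_pie(paths):
    """Yield the paths of regular set-uid/set-gid files whose ELF type is ET_DYN."""
    for path in paths:
        try:
            st = os.lstat(path)
        except OSError:
            continue  # unreadable or vanished entries are skipped, not fatal
        if not stat.S_ISREG(st.st_mode) or not is_setuid_or_setgid(st.st_mode):
            continue
        try:
            with open(path, "rb") as f:
                header = f.read(64)  # full ELF64 header; ELF32 is shorter but fits
        except OSError:
            continue
        if is_pie(header):
            yield path


def walk_dirs(dirs):
    """Flatten a list of directories into the regular file paths beneath them."""
    for d in dirs:
        for root, _, files in os.walk(d):
            for name in files:
                yield os.path.join(root, name)


def make_header(e_type: int, little_endian: bool = True) -> bytes:
    """Build a minimal constructed ELF64 header (test data, not a real binary)."""
    e_ident = ELF_MAGIC + bytes([2, 1 if little_endian else 2, 1]) + b"\x00" * 9
    fmt = "<H" if little_endian else ">H"
    return e_ident + struct.pack(fmt, e_type) + b"\x00" * 46


if __name__ == "__main__":
    # Assumed directories to scan; adjust for the host being reviewed.
    for p in find_privileged_pie(walk_dirs(["/bin", "/sbin", "/usr/bin", "/usr/sbin"])):
        print("privileged PIE:", p)
```

On distributions that build most packages as PIE the list can be long; its value is in showing that the exposure is decided by the kernel version, not by any single binary, so the kernel update is the fix rather than changing individual file modes.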
This issue affects Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6 as well as some older versions of Red Hat Enterprise Linux 7. Embedded system tech running Red Hat might also need patching.
The Linux distro rates attack complexity as “low” but impact “high” – always a bad combination.
The flaw represents a possible mechanism for a hacker or other malicious party to step up from an ordinary user to root: for example, an attacker who already holds a low-privilege shell on a web server, obtained through an exploited internet-facing service, could use this bug to take control of the box.
Patching is straightforward, in this case, but deployment is the “hard” part as it’ll involve a reboot. The vulnerability is nasty but it’d be a whole lot worse if it were to lend itself to being remotely triggered, like ShellShock and its ilk. This flaw does not fall into that category, fortunately.
Sysadmins are nonetheless advised to review the security of their system and patch or at least mitigate against the vulnerability at their earliest opportunity. ®