Eleven-year-old root flaw found and patched in the Linux kernel

Linux system administrators should be on the watch for kernel updates because they fix a local privilege escalation flaw that could lead to a full system compromise.

The vulnerability, tracked as CVE-2017-6074, is over 11 years old and was likely introduced in 2005 when the Linux kernel gained support for the Datagram Congestion Control Protocol (DCCP). It was discovered last week and was patched by the kernel developers on Friday.

The flaw can be exploited locally by using heap spraying techniques to execute arbitrary code inside the kernel, the most privileged part of the OS. Andrey Konovalov, the Google researcher who found the vulnerability, plans to publish an exploit for it a few days.


While they cannot be exploited remotely, local privilege escalation vulnerabilities like this one are still dangerous because they can be combined with other flaws that give remote hackers access to a lower privileged account on a system.

In order for this flaw to be exploitable, the kernel needs to be built with the CONFIG_IP_DCCP option. Many distributions use kernels built with this option, but some don’ t.

Red Hat announced that Red Hat Enterprise Linux 5, 6, 7, and Red Hat Enterprise MRG 2 kernels are affected. The company has released patches for Red Hat Enterprise Linux 6 and 7 and for the Red Hat Enterprise Linux for Real Time for NFV (v. 7) (kernel-rt).

The Debian project released fixed kernel packages for Debian 7 Wheezy and Debian 8 Jessie, the “ old stable” and “ stable” versions of the distribution. Debian Stretch (testing) and Sid (unstable) have not been patched yet.

Patches are also available for Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. As far as SUSE goes, only SUSE Linux Enterprise Server 10 is affected and patches for it are only available to customers with long term service pack support. The kernels in SUSE Linux Enterprise Server 11 SP 1 to 4 and SUSE Linux Enterprise Server 12 SP 1 and 2 are not built with support for the DCCP protocol.

Administrators should check with their Linux distribution providers to check if their systems are vulnerable and if patches are available. There is also a mitigation available that involves manually disabling the DCCP kernel module.

Tag : Linux Linux kernel
FAQ
Q
I have cool project X, can you guys mirror it for me?
A
Probably not. Kernel.org deals with the Linux kernel, various distributions of the kernel and larger repositories of packages. We do not mirror individual projects, software, etc as we feel there are better places providing mirrors for those kinds of repositories. If you feel that kernel.org should mirror your project, please contact ftpadmin@kernel.org with the following information:

name
project name
project website
detailed project description
reason for wanting us to mirror
Q
When will the next kernel be released?
A
The next kernel will be released when it is ready. There is no strict timeline for making releases, but if you really need an educated guess, visit the Linux kernel PHB Crystal Ball -- it tries to provide a ballpark guess based on previous kernel release schedule.
Q
How does kernel.org provide its users access to the git trees?
A
We are using an access control system called gitolite, originally written and maintained by Sitaram Chamarty. We chose gitolite for a number of reasons:

Limiting of ssh access to the system
Fine grained control over repository access
Well maintained and supported code base
Responsive development
Broad and diverse install base
Q
Why are there files that are dated tomorrow?
A
All timestamps on kernel.org are in UTC (Coordinated Universal Time). If you live in the western hemisphere your local time lags behind UTC. Under Linux/Unix, type date -u to get the current time in UTC.
Q
Is Linux Kernel Free Software?
A
Linux kernel is released under GNU GPL version 2 and is therefore Free Software as defined by the Free Software Foundation. You may read the entire copy of the license in the COPYING file distributed with each release of the Linux kern