Select Page

Security researchers have published the details and proof-of-concept (PoC) exploits of an integer overflow vulnerability in the Linux kernel that could allow an unprivileged user to gain superuser access to the targeted system.

The vulnerability, discovered by cloud-based security and compliance solutions provider Qualys, which has been dubbed “Mutagen Astronomy,” affects the kernel versions released between July 2007 and July 2017, impacting the Red Hat Enterprise Linux, CentOS, and Debian distributions.

The Mutagen Astronomy vulnerability tracked as CVE-2018-14634, is a type of a local privilege escalation issue—one of the most common issues with operating systems as a whole—and exists in the Linux kernel’s create_elf_tables() function that operates the memory tables.

To successfully exploit this vulnerability, attackers need to have access to the targeted system and run their exploit that leads to a buffer overflow, thereby resulting in the execution of malicious code and achieving complete control of the affected system.

images from Hacker News