Red Hat has released a patch for a recently discovered vulnerability that allowed for local privilege escalation, putting all manner of Linux systems potentially at risk.
As explained in the advisory, the vulnerability, tracked as CVE-2022-27666, was discovered in IPSec’s Encapsulating Security Payload (esp6) crypto module or, in other words, a basic heap overflow vulnerability.
The flaw was discovered by one Xiaochen Zou - a graduate student at the University of California, Riverside. He explained how "the basic logic of this vulnerability is that the receiving buffer of a user message in esp6 module is an 8-page buffer, but the sender can send a message larger than 8 pages, which clearly creates a buffer overflow."
Crashing the system
In Red Hat’s advisory, the flaw was described as allowing a threat actor with normal user privilege to overwrite kernel heap objects, which may cause local privilege escalation.
The vulnerability was given a severity score of 7.8.
Red Hat has also warned admins that on Linux systems already using IPsec and having IPSec Security Associations (SA) configured, a threat actor would need no additional privileges to exploit the vulnerability.
However, these are essential for the network security protocol, ZDNet claims, meaning “pretty much everyone with the vulnerable code” in their Linux distro (opens in new tab) is a potential target.
> This major Linux security vulnerability has been fixed, so patch now (opens in new tab)
> Linux devs fix nasty vulnerability dating back half a decade (opens in new tab)
> These critical security bugs put Linux servers at risk of attack (opens in new tab)
According to Xiaochen, the newest Ubuntu, Fedora, and Debian Linux distros are all vulnerable, as well as Red Hat Enterprise Linux (RHEL) 8. This flaw can bring a Linux system offline, it was said.
The same patch also addresses CVE-2022-1055, a use-after-free vulnerability that was found in the network traffic control implementation, which can also crash a vulnerable system. It can also be used to gain elevated privileges, and was described as “high priority” for patching.
Given that the two vulnerabilities allow for privilege escalation and could be used for denial of service attacks, administrators are urged to patch up their endpoints (opens in new tab) as soon as possible.
- To stay secure from threats, make sure you set up one of the best firewalls right now (opens in new tab)
Via: ZDNet (opens in new tab)