Red Hat has released a patch for a recently discovered vulnerability that allowed for local privilege escalation, putting all manner of Linux systems potentially at risk.
As explained in the advisory, the vulnerability, tracked as CVE-2022-27666, was discovered in IPSec’s Encapsulating Security Payload (esp6) crypto module or, in other words, a basic heap overflow vulnerability.
The flaw was discovered by one Xiaochen Zou - a graduate student at the University of California, Riverside. He explained how "the basic logic of this vulnerability is that the receiving buffer of a user message in esp6 module is an 8-page buffer, but the sender can send a message larger than 8 pages, which clearly creates a buffer overflow."
Crashing the system
In Red Hat’s advisory, the flaw was described as allowing a threat actor with normal user privilege to overwrite kernel heap objects, which may cause local privilege escalation.
The vulnerability was given a severity score of 7.8.
Red Hat has also warned admins that on Linux systems already using IPsec and having IPSec Security Associations (SA) configured, a threat actor would need no additional privileges to exploit the vulnerability.
However, these are essential for the network security protocol, ZDNet claims, meaning “pretty much everyone with the vulnerable code” in their Linux distro is a potential target.
According to Xiaochen, the newest Ubuntu, Fedora, and Debian Linux distros are all vulnerable, as well as Red Hat Enterprise Linux (RHEL) 8. This flaw can bring a Linux system offline, it was said.
The same patch also addresses CVE-2022-1055, a use-after-free vulnerability that was found in the network traffic control implementation, which can also crash a vulnerable system. It can also be used to gain elevated privileges, and was described as “high priority” for patching.
Given that the two vulnerabilities allow for privilege escalation and could be used for denial of service attacks, administrators are urged to patch up their endpoints as soon as possible.
Via: ZDNet