New Linux Kernel Bug Lets You Get Root on Most Modern Distributions




Unprivileged attackers can gain root privileges by exploiting a local privilege escalation (LPE) vulnerability in default configurations of the Linux kernel's file system layer on vulnerable devices.

As discovered by Qualys researchers, the LPE security vulnerability identified as CVE-2021-33909 (dubbed Sequoia) is present in the file system layer used to manage user data, a feature universally used by all major (Linux) operating systems.

According to Qualys research, the vulnerability affects all versions of the Linux kernel released since 2014.

When successfully exploited on a vulnerable system, attackers gain full root privileges on default installations of many modern distributions.

“We have successfully exploited this uncontrolled out of bounds write and obtained full root privileges on default installations of Ubuntu 20.04, Ubuntu 20.10, Ubuntu 21.04, Debian 11, and Fedora 34 Workstation,” the researchers said.

They also added that “other Linux distributions are certainly vulnerable, and possibly exploitable.”

Since the attack surface exposed by the Sequoia vulnerability spans a wide range of distributions and versions, Linux users are urged to immediately apply patches released earlier today.

Qualys also discovered and disclosed earlier today a stack exhaustion denial-of-service vulnerability in systemd, identified as CVE-2021-33910, which can be exploited by unprivileged attackers to trigger a kernel panic.

systemd is a software suite included with most Linux operating systems and used to start all other system components after booting.

This security vulnerability was introduced in April 2015 and is present in all versions of systemd released since then, except those released earlier today to fix the bug.

Qualys also created proof-of-concept (PoC) exploits and attached them to the two blog posts to show how potential attackers could successfully abuse these two vulnerabilities.

Earlier this year, Qualys researchers also discovered a Sudo vulnerability that can allow local users to gain root privileges on Unix-like operating systems without requiring authentication.
