Skip to Content.
Sympa Menu

linux-announce - [[Linux-announce] ] Local privilege escalation

linux-announce AT lists.psi.ch

Subject: Linux-announce mailing list

List archive

[[Linux-announce] ] Local privilege escalation


Chronological Thread 
  • From: Kai Kaminski <kai.kaminski AT psi.ch>
  • To: "linux-announce AT lists.psi.ch" <linux-announce AT lists.psi.ch>
  • Subject: [[Linux-announce] ] Local privilege escalation
  • Date: Mon, 27 Feb 2017 13:49:16 +0100

Hi,

last week a new vulnerability was published (see below), which allows
local users to gain root privilege. We don't have the new kernel in the
repository yet, but there is a straightforward mitigation, assuming that
the module isn't in use yet. It is documented by Red Hat here:
https://access.redhat.com/security/vulnerabilities/2934281

The short version is:

echo "install dccp /bin/true">> /etc/modprobe.d/disable-dccp.conf

I think this is mostly an issue on servers where unprivileged users can
log in. I will implement this on llc*.psi.ch.

Best regards,

Kai


http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6074


  • [[Linux-announce] ] Local privilege escalation, Kai Kaminski, 02/27/2017

Archive powered by MHonArc 2.6.19.

Top of Page