Red Hat has been made aware of privilege escalation flaw in the Linux kernel regarding ELF (Executable and Linkable Format) table code. This issue has been assigned CVE-2018-14634 and has a security impact of Important
Mutagen Astronomy is the codename for a local user privilege escalation flaw. Setuid binaries usually sanitize or clear environment variables which can be used to override built-in functions with attacker-controlled functions at runtime. However, this system-logic flaw allows process arguments to overwrite system environment variables. By hijacking these functions, an attacker can execute their own code, take control of the setuid binary, and execute commands at the elevated privilege level.
For a system to be vulnerable to this flaw, it must have:
- More than 16GiB of RAM.
- A 64-bit kernel.
Red Hat would like to thank Qualys for reporting these flaws.
Red Hat customers running affected versions of the Red Hat products are strongly recommended to update them as soon as errata are available. Customers are urged to apply the appropriate updates immediately.
Updates for Affected Products
|Red Hat Enterprise Linux 7||kernel||RHSA-2018:2748|
|Red Hat Enterprise Linux 6||kernel||RHSA-2018:2846|
|Red Hat Enterprise Linux for Real Time for NFV (v. 7)||kernel-rt||RHSA-2018:2763|
|Red Hat MRG Grid for RHEL 6 Server v.2||kernel-rt||RHSA-2018:3586|
The flaw can be mitigated by reducing the hard stack limit usable by all users in the system. You can do so by modifying the system-wide limits and restarting the system. One adverse side effect is that limiting the stack may crash some large-stack programs. Fortunately, it is uncommon that an application hits this limit.
vi /etc/security/limits.conf * hard stack 30720
A SystemTap script provided in BZ#1624498 does mitigate the provided exploit, but changing the limits system wide is a more comprehensive solution.