Mutagen Astronomy - Local privilege escalation - CVE-2018-14634
Red Hat has been made aware of a privilege escalation flaw in the Linux kernel in the code that builds the ELF (Executable and Linkable Format) process tables during exec (create_elf_tables() in the kernel's ELF loader). This issue has been assigned CVE-2018-14634 and has a security impact of Important.
Background information
Mutagen Astronomy is the codename for a local user privilege escalation flaw: an integer overflow in the kernel's ELF loader that is reachable when a process executes a binary with a very large argument and environment block under a correspondingly large stack limit. Setuid binaries normally sanitize or clear environment variables that could otherwise be used to override built-in functions with attacker-controlled functions at runtime. Because of this flaw, however, a process's arguments can overwrite environment variables that the setuid binary relies on, bypassing that sanitization. By hijacking these functions, an attacker can run their own code inside the setuid binary and execute commands at its elevated privilege level.
For a system to be vulnerable to this flaw, it must have:
- More than 16GiB of RAM.
- A 64-bit kernel.
Acknowledgements
Red Hat would like to thank Qualys for reporting this flaw.
Additional References
Impacted Products
Red Hat Product Security has rated CVE-2018-14634 as having a security impact of Important.
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux for Real Time for NFV (v. 7)
Red Hat MRG Grid for RHEL 6 Server v.2
Red Hat customers running affected versions of these products are strongly advised to update them as soon as errata are available, and to apply the appropriate updates immediately once released.
Updates for Affected Products
Product | Package | Advisory/Update |
---|---|---|
Red Hat Enterprise Linux 7 | kernel | RHSA-2018:2748 |
Red Hat Enterprise Linux 6 | kernel | RHSA-2018:2846 |
Red Hat Enterprise Linux for Real Time for NFV (v. 7) | kernel-rt | RHSA-2018:2763 |
Red Hat MRG Grid for RHEL 6 Server v.2 | kernel-rt | RHSA-2018:3586 |
Mitigation
The flaw can be mitigated by reducing the hard stack limit available to all users on the system, since exploitation depends on a process being able to exec with a very large stack limit. Do this by adding a system-wide entry to /etc/security/limits.conf and restarting the system (the value is in KiB, so 30720 is 30 MiB). The limit is applied by pam_limits at login, so sessions that were opened before the change keep the limit they started with until their owner logs in again. One adverse side effect is that capping the stack may crash programs that need a very large stack; in practice it is uncommon for an application to hit this limit.
vi /etc/security/limits.conf
* hard stack 30720
A SystemTap script provided in BZ#1624498 does block the exploit that was provided, but changing the limit system-wide removes the precondition the exploit relies on and is therefore the more comprehensive mitigation.
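Rather than assuming the mitigation is in place, it can be checked. The following POSIX shell script is an added example and is not part of the Red Hat advisory or of any Red Hat tooling: it reports whether a host meets the advisory's two exposure conditions (64-bit kernel, more than 16 GiB of RAM), whether the current session's hard stack limit is at or below the recommended 30720 KiB, and whether /etc/security/limits.conf carries a matching "* hard stack" entry for new logins. The thresholds are taken from the advisory above; the function names, the --live flag and the handling of "-" entries as covering the hard limit are our own assumptions about how to express the check.

```shell
#!/bin/sh
# Added example, not part of the Red Hat advisory: pre-flight check for the
# CVE-2018-14634 mitigation. Thresholds come from the advisory; every
# function name and the --live flag are ours.

RAM_THRESHOLD_KIB=$((16 * 1024 * 1024))   # "more than 16 GiB", in the KiB unit /proc/meminfo uses
STACK_CAP_KIB=30720                        # advisory's limits.conf value; pam_limits "stack" is in KiB

# memtotal_kib TEXT: print MemTotal (KiB) from the text of /proc/meminfo.
memtotal_kib() {
    printf '%s\n' "$1" | awk '/^MemTotal:/ { print $2; exit }'
}

# exposed LONG_BIT MEMTOTAL_KIB: succeed when both advisory conditions hold.
exposed() {
    [ "$1" -eq 64 ] && [ "$2" -gt "$RAM_THRESHOLD_KIB" ]
}

# stack_capped VALUE: succeed when a `ulimit -H -s` value (KiB) is at or
# below the recommended cap. "unlimited", empty and garbage all fail.
stack_capped() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -le "$STACK_CAP_KIB" ]
}

# limits_conf_caps_stack TEXT: succeed when limits.conf text contains an
# entry that caps the hard stack limit for all users ("*") at or below the
# cap. A "-" type sets both soft and hard, so it counts; a "soft"-only
# entry does not, because a user can raise a soft limit again with ulimit.
limits_conf_caps_stack() {
    printf '%s\n' "$1" | awk -v cap="$STACK_CAP_KIB" '
        /^[ \t]*#/ || NF < 4 { next }
        $1 == "*" && ($2 == "hard" || $2 == "-") && $3 == "stack" &&
            $4 ~ /^[0-9]+$/ && $4 + 0 <= cap { found = 1 }
        END { exit found ? 0 : 1 }'
}

# report: live check of this host and of the shell session running it
# (Linux only: reads /proc/meminfo and /etc/security/limits.conf).
report() {
    bits=$(getconf LONG_BIT)
    mem=$(memtotal_kib "$(cat /proc/meminfo)")
    if exposed "$bits" "$mem"; then
        echo "exposed: ${bits}-bit kernel, MemTotal ${mem} KiB exceeds 16 GiB"
    else
        echo "not exposed: ${bits}-bit kernel, MemTotal ${mem} KiB"
    fi
    hard=$(ulimit -H -s)
    if stack_capped "$hard"; then
        echo "session hard stack limit ${hard} KiB: cap in effect"
    else
        echo "session hard stack limit ${hard}: cap NOT in effect (new login needed after editing limits.conf)"
    fi
    if [ -r /etc/security/limits.conf ] && limits_conf_caps_stack "$(cat /etc/security/limits.conf)"; then
        echo "/etc/security/limits.conf: '* hard stack' cap of ${STACK_CAP_KIB} KiB or less present for new logins"
    else
        echo "/etc/security/limits.conf: no '* hard stack' cap at or below ${STACK_CAP_KIB} KiB"
    fi
}

# Only run the live report when asked, so the functions can also be sourced.
if [ "${1:-}" = "--live" ]; then
    report
fi
```

Run it as `sh check-stack-cap.sh --live` (the filename is ours). Note that `ulimit -H -s` reports the limit of the shell you are in, not what limits.conf says: a session opened before the file was edited still carries the old limit, and processes that were not started through a PAM login (daemons launched by init or systemd) do not read limits.conf at all, which is why the advisory recommends a restart after the change.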