Linux Security update for CVE-2017-6074

Linux Security update for CVE-2017-6074

12:31 27 February in Security

A new security vulnerability in the Linux Kernel was recently disclosed to the public by security researchers. Luckily (as we saw with the Dirtyc0w exploit) this does not allow remote execution of code and is only useful to attackers whom already have access to a compromised account on the server. However, this vulnerability could allow a compromised account to execute arbitrary code in the Linux kernel potentially doing anything they wish with the system including crashing the system or escalating privileges. According to Red Hat this impacts RHEL versions 5, 6 and 7 along with the related CentOS releases.

A potential exploit of this vulnerability could take advantage of a few lines of code in the DCCP kernel module. Because the Linux kernel has a modular architecture unused modules can be unloaded and disabled without much risk to system functionality. For this reason the first mitigation recommended by RedHat involved unloading and disabling the DCCP kernel module.

An updated set of kernel packages are now available from the standard yum repos for CentOS 6 and CentOS 7. Simple Helix has installed the patched kernel packages to all customer facing systems as of February 24, 2017. With the patched kernels in place there is no need to disable the DCCP kernel module.

We will continue to monitor the situation and update this post with any further news.