Experts discovered a Local Privilege Escalation, tracked as CVE-2021-33909, that could allow attackers to get root access on most Linux distros.

Qualys researchers discovered a local privilege escalation (LPE) tracked as CVE-2021-33909, aka Sequoia, an unprivileged attacker can exploit the flaw to get root privileges on most Linux distros.

360 Mobile Vision - North & South Carolina Security products and Systems Installations for Commercial and Residential - $55 Hourly Rate. ACCESS CONTROL, INTRUSION ALARM, ACCESS CONTROLLED GATES, INTERCOMS AND CCTV INSTALL OR REPAIR 360 Mobile Vision - is committed to excellence in every aspect of our business. We uphold a standard of integrity bound by fairness, honesty and personal responsibility. Our distinction is the quality of service we bring to our customers. Accurate knowledge of our trade combined with ability is what makes us true professionals. Above all, we are watchful of our customers interests, and make their concerns the basis of our business.

The issue is a size_t-to-int type conversion vulnerability that resides in the filesystem layer used to manage user data in all major distros released since 2014.

“The Qualys Research Team has discovered a size_t-to-int type conversion vulnerability in the Linux Kernel’s filesystem layer affecting most Linux operating systems. Any unprivileged user can gain root privileges on a vulnerable host by exploiting this vulnerability in a default configuration.” reads the analysis published by Qualys.

The researchers also developed an exploit code for the issue that allowed them to achieve full root privileges on default installations of Ubuntu 20.04, Ubuntu 20.10, Ubuntu 21.04, Debian 11, and Fedora 34 Workstation. Experts pointed out that other major Linux distributions are likely impacted. Below a video PoC exploit for this vulnerability:

The Qualys Research Team has also discovered a stack exhaustion denial-of-service vulnerability, tracked as CVE-2021-33910, that affects the systemd utility.

systemd is a software suite that provides an array of system components for Linux operating systems. Its main aim is to unify service configuration and behavior across Linux distributions.

An unprivileged user can exploit the CVE-2021-33910 vulnerability to crash systemd and also trigger a kernel panic condition.

“This vulnerability was introduced in systemd v220 (April 2015) by commit 7410616c (“core: rework unit name validation and manipulation logic”), which replaced a strdup() in the heap with a strdupa() on the stack. Successful exploitation of this vulnerability allows any unprivileged user to cause denial of service via kernel panic.” reads the security advisory published by the experts.

Follow me on Twitter: @securityaffairs and Facebook

Pierluigi Paganini

(SecurityAffairs – hacking, Linux)

The post LPE flaw in Linux kernel allows attackers to get root privileges on most distros appeared first on Security Affairs.

By admin