Old Linux vulnerability strikes back
A vulnerability in the Linux kernel was recently discovered which, as it turns out, has been present since 2009. The bug therefore exists in all major Linux distributions, including Red Hat, SUSE and Debian.
The flaw is tracked as CVE-2017-2636 and its severity is rated "high". It was discovered by security researcher Alexander Popov.
The affected code is the n_hdlc line-discipline driver (drivers/tty/n_hdlc.c). It contains a race condition that leads to a double free of the driver's transmit buffer, which a local attacker can exploit to gain root privileges. An important detail: the module does not have to be loaded in advance. The kernel auto-loads n_hdlc as soon as an unprivileged user opens a pseudoterminal and selects the N_HDLC line discipline with the TIOCSETD ioctl, so a default installation is exposed even if nobody ever uses HDLC.
Under normal circumstances the vulnerability can only be exploited locally, that is, the attacker must already be able to run code on the machine (which includes code running under a compromised service account or inside a container). The bug was fixed quickly and security updates are available for all major distributions, so servers and desktops that receive updates should by now be protected against this particular vulnerability.
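Because distributions backport the fix without changing the kernel version string, `uname -r` cannot tell you whether a host is patched; the package manager can. What a script can tell you is how exposed an unpatched host is: whether n_hdlc is already loaded, still auto-loadable, or built into the kernel, and whether the modprobe override that Red Hat documented as the workaround (`install n_hdlc /bin/true`) is in place. The following audit script is an added example written for this article, not code from the kernel project or from the researcher who found the bug. It assumes the standard formats of /proc/modules, modules.builtin and /etc/modprobe.d/*.conf; the helpers take file contents as a string so they can be tried on constructed samples, and `audit_host` reads the live system when the script is run with `--live`.

```sh
#!/bin/sh
# Added example (not from the original article): exposure check for the
# n_hdlc line-discipline module behind CVE-2017-2636.

# 0 if a /proc/modules-style listing contains n_hdlc, 1 otherwise.
n_hdlc_loaded() {
    printf '%s\n' "$1" | awk '$1 == "n_hdlc" { found = 1 } END { exit !found }'
}

# 0 if a modules.builtin listing shows n_hdlc compiled into the kernel.
# In that case neither /proc/modules nor modprobe.d says anything about it
# and only a kernel update removes the bug.
n_hdlc_builtin() {
    printf '%s\n' "$1" | grep -q '/n_hdlc\.ko$'
}

# 0 if modprobe.d text contains the override that makes every attempt to
# load n_hdlc, including the kernel's own request from the TIOCSETD ioctl,
# run /bin/true instead. A bare "blacklist n_hdlc" line only stops
# alias-based autoloading and is deliberately not accepted here.
n_hdlc_install_overridden() {
    printf '%s\n' "$1" |
      grep -Eq '^[[:space:]]*install[[:space:]]+n_hdlc[[:space:]]+/bin/true[[:space:]]*$'
}

# The line to append to a file under /etc/modprobe.d/ (the documented workaround).
n_hdlc_mitigation_line() {
    printf 'install n_hdlc /bin/true\n'
}

# Classifies a host from its /proc/modules, modules.builtin and modprobe.d
# contents: prints "builtin", "loaded", "blocked" or "autoloadable".
n_hdlc_status() {
    modules="$1"; builtin="$2"; modprobe_conf="$3"
    if n_hdlc_builtin "$builtin"; then
        echo builtin
    elif n_hdlc_loaded "$modules"; then
        echo loaded
    elif n_hdlc_install_overridden "$modprobe_conf"; then
        echo blocked
    else
        echo autoloadable
    fi
}

# Reads the live system. Run as: sh n_hdlc_check.sh --live
audit_host() {
    modules=$(cat /proc/modules 2>/dev/null)
    builtin=$(cat "/lib/modules/$(uname -r)/modules.builtin" 2>/dev/null)
    conf=$(cat /etc/modprobe.d/*.conf 2>/dev/null)
    status=$(n_hdlc_status "$modules" "$builtin" "$conf")
    echo "n_hdlc: $status"
    case "$status" in
        builtin)
            echo "compiled into the kernel: the only fix is a patched kernel" ;;
        loaded)
            echo "module is loaded: patch the kernel, then rmmod n_hdlc" ;;
        autoloadable)
            echo "an unprivileged TIOCSETD ioctl can still load it; until the kernel is patched, add:"
            n_hdlc_mitigation_line ;;
        blocked)
            echo "autoloading is overridden; still confirm the patched kernel package is installed" ;;
    esac
}

if [ "${1:-}" = "--live" ]; then
    audit_host
fi
```

The override only prevents loading; it does nothing on a kernel where the driver is built in, and it does not patch the bug, so it is a stopgap until the distribution's kernel update is applied. The override can be added to a file such as /etc/modprobe.d/disable-n_hdlc.conf and is respected by the kernel's request_module path as well as by explicit modprobe calls.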
Devices running embedded Linux may still be exposed
What remains a problem are devices with an embedded Linux operating system. Unlike some comparable platforms (Java-based ones, for example), Linux carries hardly any licence fees, which makes it extremely attractive to manufacturers. The most popular and most common variant of embedded Linux is very likely Google's smartphone OS Android, but many routers, firewalls, multimedia devices and other IoT products also run variants of embedded Linux. According to a survey by our colleagues over at Arrow, about three out of four IoT devices (73.1%) use Linux as their embedded operating system.
Updates cost money
Unfortunately, many manufacturers do not stop at saving on the cost of the operating system. It is, of course, entirely legitimate to rely on open source to keep unit costs, and therefore device prices, low. But when it comes to patching vulnerabilities, thrift can be fatal, and the cost-conscious end user should be aware of this.
Many people are not even aware that they can or should update their devices (or how to do it), even where that is possible. And since most manufacturers provide no firmware updates at all, IoT devices can be taken over, e.g. for botnets like Mirai. Malware could, for example, combine a remote attack that gains a foothold on the device with this local weakness to obtain root privileges on unpatched systems and then install additional software. Smart devices can be taken offline, spied upon, or used as part of a botnet. (For more information, see the article "Are you a bot already?").
It would be a sensible move to check devices running embedded Linux right away, find out whether patches are available, and otherwise decide whether they should be disconnected from the network entirely.
Also, if you use Docker containers, patch the Docker host as quickly as possible: containers share the host's kernel, so a "local" exploit running inside a container attacks the host kernel itself, and a root shell gained that way is root on the host.