Code Execution Bug in Linux Kernel puts Every System at Risk

Almost every Linux system and servers running kernel prior to 5.0.8 are affected by a race condition vulnerability leading to remote code execution on the vulnerable systems.

The security flaw found in Linux kernel's rds_tcp_kill_sock TCP/IP implementation in net/rds/tcp.c to trigger denial-of-service (DoS) states and leads to post exploit the systems.

To exploit the bug an attackers just needs to send a special crafted TCP packets to vulnerable linux machines which can trigger use-after-free errors and enable the attackers to execute arbitrary code on the target system.

This bug can also been identified as CVE-2019-11815 and other linux distribution like RedHat, Debian, Ubuntu, SUSE had acknowledge the bug. The bug has been classified as high severity because it can be exploit by an Unauthenticated attackers, but as the exploit is complex which reducex the impact score.

The Linux kernel developers issued a patch for the CVE-2019-11815 issue during late-March and fixed the flaw in the Linux kernel 5.0.8 versionreleased on April 17.
Almost every Linux system and servers running kernel prior to 5.0.8 are affected by a race condition vulnerability leading to remote code execution on the vulnerable systems.

The security flaw found in Linux kernel's rds_tcp_kill_sock TCP/IP implementation in net/rds/tcp.c to trigger denial-of-service (DoS) states and leads to post exploit the systems.

To exploit the bug an attackers just needs to send a special crafted TCP packets to vulnerable linux machines which can trigger use-after-free errors and enable the attackers to execute arbitrary code on the target system.

This bug can also been identified as CVE-2019-11815 and other linux distribution like RedHat, Debian, Ubuntu, SUSE had acknowledge the bug. The bug has been classified as high severity because it can be exploit by an Unauthenticated attackers, but as the exploit is complex which reducex the impact score.

The Linux kernel developers issued a patch for the CVE-2019-11815 issue during late-March and fixed the flaw in the Linux kernel 5.0.8 versionreleased on April 17.

Related Posts

Post a Comment

Subscribe Our Newsletter