Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Linux Kernel vulnerability CVE-2017-7184 disclosed at Pwn2Own 2017 fixed

The Linux kernel flaw exploited by the hackers at the Zero Day Initiative’s Pwn2Own 2017 competition to hack Ubuntu has been patched. The Chaitin Security Research Lab (@ChaitinTech) discovered a Linux Kernel flaw, , tracked as CVE-2017-7184, during the last Pwn2Own 2017 competition. The experts hacked Ubuntu Desktop exploiting a Linux kernel heap out-of-bound access and earned $15,000 […]

Linux Kernel vulnerability CVE-2017-7184 disclosed at Pwn2Own 2017 fixed

The Linux kernel flaw exploited by the hackers at the Zero Day Initiative’s Pwn2Own 2017 competition to hack Ubuntu has been patched.

The Chaitin Security Research Lab (@ChaitinTech) discovered a Linux Kernel flaw, , tracked as CVE-2017-7184, during the last Pwn2Own 2017 competition. The experts hacked Ubuntu Desktop exploiting a Linux kernel heap out-of-bound access and earned $15,000 and 3 Master of Pwn points. It was the first time for an Ubuntu Linux hack at the Pwn2Own.

“This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of the Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.” reads the ZDI advisory.

“The specific flaw exists within the handling of xfrm states. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. An attacker can leverage this vulnerability to elevate privileges and execute arbitrary code under the context of the kernel.”

 Linux Kernel Flaw CVE-2017-7184 Pwn2Own 2017

The vulnerability can be exploited to cause a denial-of-service (DoS) condition or to execute arbitrary code. It could be exploited by a local attacker to escalate privileges on the system.

Red Hat rated the flaw as “high severity,” anyway its experts confirmed that the flaw cannot be exploited for privilege escalation on default or common configurations of Red Hat Enterprise Linux 5, 6 and 7.

The CVE-2017-718 flaw was quickly fixed in the Linux kernel a few days after the Pwn2Own 2017 competition, and Ubuntu development team has fixed it at the end of March. Other Linux distributions are already working on security patches.

[adrotate banner=”9″] [adrotate banner=”12″]  

Pierluigi Paganini

(Security Affairs – Linux Kernel Flaw,  CVE-2017-7184)

[adrotate banner=”5″]

[adrotate banner=”13″]