Patching time, again.
This is an announcement about CVE-2017-6074 [1] which is a double-free
vulnerability I found in the Linux kernel. It can be exploited to gain
kernel code execution from an unprivileged processes.
[oss-security] Linux kernel: CVE-2017-6074: DCCP double-free vulnerability (local root)
This privilege escalation exploit is active on pretty much every kernel in use out there. CentOS 5, 6 and 7 are vulnerable according to the kernel versions.
The oldest version that was checked is 2.6.18 (Sep 2006), which is
vulnerable. However, the bug was introduced before that, probably in
the first release with DCCP support (2.6.14, Oct 2005).
The kernel needs to be built with CONFIG_IP_DCCP for the vulnerability
to be present. A lot of modern distributions enable this option by
default.
[oss-security] Linux kernel: CVE-2017-6074: DCCP double-free vulnerability (local root)
Red Hat’s bug tracker provides some mitigation tactics without updating the kernel and rebooting your box.
Recent versions of Selinux policy can mitigate this exploit. The steps below will work with SElinux enabled or disabled.
As the DCCP module will be auto loaded when required, its use can be disabled
by preventing the module from loading with the following instructions.
# echo "install dccp /bin/true" >> /etc/modprobe.d/disable-dccp.conf
The system will need to be restarted if the dccp modules are loaded. In most circumstances the dccp kernel modules will be unable to be unloaded while any network interfaces are active and the protocol is in use.
If you need further assistance, see this KCS article ( https://access.redhat.com/solutions/41278 ) or contact Red Hat Global Support Services.
(CVE-2017-6074) CVE-2017-6074 kernel: use after free in dccp protocol
More details are hidden behind Red Hat’s subscription wall, but the mitigation tactic shown above should be sufficient in most cases.
In fact, there don’t seem to be updated kernel packages for CentOS just yet, so the above is – at the time of writing – the only mitigation tactic you have.