A vulnerability in the Linux kernel

A vulnerability (CVE-2017-6074) has been found in the Linux kernel that allows an unprivileged local user to execute code as root.

It affects all kernels with DCCP support, starting from 2.6.14 and up to release 4.9.11, compiled with the option CONFIG_IP_DCCP.
In most cases, DCCP is either disabled in the kernel or built as a module. Loading it should be prohibited on the system.

You can check and fix this as follows:

  • # lsmod | grep dccp
    If the command prints nothing, the module is not in use; go to step two. If the module is found, try unloading it with rmmod dccp. If lsmod | grep dccp then prints nothing, go to step two. If the module cannot be unloaded, there is only one solution: you need to upgrade the kernel.
  • Try to load the module with # modprobe dccp
    If it does not load and lsmod | grep dccp finds nothing, then the module does not exist on the system and the vulnerability does not affect your server.
  • Unload the module and block it from loading:
    # rmmod dccp
    # echo "install dccp /bin/false" >> /etc/modprobe.d/blacklist.conf

After these operations, the modprobe dccp command should produce an error.
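
The three checks above combined into one script, as an added example that is not part of the original page. The function names, verdict words and optional path arguments are assumptions made for the example, and it assumes DCCP is built as a module rather than into the kernel.

```shell
#!/bin/sh
# Added example (not from the original page): report DCCP module exposure.
# The file and directory arguments are optional; they default to the live
# system and exist so the checks can be run against constructed fixtures.

# Succeed if dccp or a dccp_* helper is listed in a /proc/modules-style file.
dccp_loaded() {
    awk '$1 == "dccp" || $1 ~ /^dccp_/ { hit = 1 } END { exit !hit }' \
        "${1:-/proc/modules}" 2>/dev/null
}

# Succeed if a dccp.ko (optionally compressed) is listed in modules.dep.
dccp_available() {
    grep -Eq '(^|/)dccp\.ko' "${1:-/lib/modules/$(uname -r)/modules.dep}" 2>/dev/null
}

# Succeed if a *.conf file in the modprobe.d directory contains an
# "install dccp /bin/false" (or /bin/true) rule. A plain "blacklist dccp"
# line is not counted: it does not stop an explicit "modprobe dccp".
dccp_blocked() {
    cat "${1:-/etc/modprobe.d}"/*.conf 2>/dev/null |
        awk '$1 == "install" && $2 == "dccp" &&
             $3 ~ /^\/(usr\/)?bin\/(false|true)$/ { ok = 1 }
             END { exit !ok }'
}

# Print one verdict:
#   LOADED   - module is in memory: rmmod it, or upgrade the kernel if that fails
#   ABSENT   - no dccp module on disk, nothing to load
#   BLOCKED  - module exists but an install rule stops modprobe loading it
#   LOADABLE - module exists and nothing prevents it from being loaded
dccp_status() {
    if dccp_loaded "$1"; then
        echo "LOADED"
    elif ! dccp_available "$2"; then
        echo "ABSENT"
    elif dccp_blocked "$3"; then
        echo "BLOCKED"
    else
        echo "LOADABLE"
    fi
}

dccp_status "$@"
```

Run it as root or as a regular user with no arguments to check the running system; any verdict other than ABSENT or BLOCKED means the steps above still need to be applied.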


3 March 2017
