Another privilege-escalation vulnerability has been discovered in Linux kernel that dates back to 2005 and affects major distro of the Linux operating system, including Redhat, Debian, OpenSUSE, and Ubuntu.
Over a decade old Linux Kernel bug (CVE-2017-6074) has been discovered by security researcher Andrey Konovalov in the DCCP (Datagram Congestion Control Protocol) implementation using Syzkaller, a kernel fuzzing tool released by Google.
The vulnerability is a use-after-free flaw in the way the Linux kernel’s “DCCP protocol implementation freed SKB (socket buffer) resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket.”
The DCCP double-free vulnerability could allow a local unprivileged user to alter the Linux kernel memory, enabling them to cause a denial of service (system crash) or escalate privileges to gain administrative access on a system.
“An attacker can control what object that would be and overwrite its content with arbitrary data by using some of the kernel heap spraying techniques. If the overwritten object has any triggerable function pointers, an attacker gets to execute arbitrary code within the kernel,” full disclosure mailing list about the vulnerability reads.
DCCP is a message-oriented transport layer protocol that minimizes the overhead of packet header size or end-node processing as much as possible and provides the establishment, maintenance and teardown of an unreliable packet flow, and the congestion control of that packet flow.
This vulnerability does not provide any way for an outsider to break into your system in the first place, as it is not a remote code execution (RCE) flaw and require an attacker to have a local account access on the system to exploit the flaw.
Almost two months ago, a similar privilege-escalation vulnerability
(CVE-2016-8655) was uncovered in Linux kernel that dated back to 2011 and allowed an unprivileged local user to gain root privileges by exploiting a race condition in the af_packet implementation in the Linux kernel.
The vulnerability has already been patched in the mainline kernel. So, if you are an advanced Linux user, apply the patch and rebuild kernel yourself.
OR, you can wait for the next kernel update from your distro provider and apply it as soon as possible.
Kali Linux Installation Requirements
Installing Kali Linux on your computer is an easy process. First, you’ll need compatible computer hardware. Kali is supported on i386, amd64, and ARM (both armel and armhf) platforms. The hardware requirements are minimal as listed below, although better hardware will naturally provide better performance. The i386 images have a default PAE kernel, so you can run them on systems with over 4GB of RAM. Download Kali Linux and either burn the ISO to DVD, or prepare a USB stick with Kali Linux Live as the installation medium. If you do not have a DVD drive or USB port on your computer, check out the Kali Linux Network Install.
- A minimum of 10 GB disk space for the Kali Linux install.
- For i386 and amd64 architectures, a minimum of 512MB RAM.
- CD-DVD Drive / USB boot support
Preparing for the Installation
- Download Kali linux.
- Burn The Kali Linux ISO to DVD or Image Kali Linux Live to USB.
- Ensure that your computer is set to boot from CD / USB in your BIOS.
Kali Linux Installation Procedure
- To start your installation, boot with your chosen installation medium. You should be greeted with the Kali Boot screen. Choose either Graphical or Text-Mode install. In this example, we chose a GUI install.
- Select your preferred language and then your country location. You’ll also be prompted to configure your keyboard with the appropriate keymap.
- The installer will copy the image to your hard disk, probe your network interfaces, and then prompt you to enter a hostname for your system. In the example below, we’ve entered “kali” as our hostname.
- Enter a robust password for the root account.
- Next, set your time zone.
- The installer will now probe your disks and offer you four choices. In our example, we’re using the entire disk on our computer and not configuring LVM (logical volume manager). Experienced users can use the “Manual” partitioning method for more granular configuration options.
- Next, you’ll have one last chance to review your disk configuration before the installer makes irreversible changes. After you click Continue, the installer will go to work and you’ll have an almost finished installation.
- Configure network mirrors. Kali uses a central repository to distribute applications. You’ll need to enter any appropriate proxy information as needed.
- Next, install GRUB.
- Finally, click Continue to reboot into your new Kali installation.
Now that you’ve completed installing Kali Linux, it’s time to customize your system. The Kali General Use section of our site has more information and you can also find tips on how to get the most out of Kali in our User Forums.