Tales from the Certified Hacker: Urgent Linux Patch

29 Sep 2017


The majority of this blog post is related to Linux, but there is also an advisory regarding IIS 6.0 on Windows Server 2003 R2.

First to Linux: A kernel issue was discovered two years ago, identified as CVE-2017-1000253* by Google researcher Michael Davidson in April 2015. It was not considered serious, and as such, a patch for this flaw had not been released until now. Why now? Qualys Research Labs have found the vulnerability can be exploited as below:


Linux distributions that have not patched their long-term kernels with
https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86
(committed on 14 April 2015) are vulnerable to CVE-2017-1000253, a Local Privilege Escalation.

Most notably, all versions of CentOS 7 before 1708 (released on 13 September 2017), all versions of Red Hat Enterprise Linux 7 before 7.4 (released on 1 August 2017), and all versions of CentOS 6 and Red Hat Enterprise Linux 6 are exploitable.

The full advisory from Qualys can be found here:
https://www.qualys.com/2017/09/26/cve-2017-1000253/cve-2017-1000253.txt

Now on to Windows Server 2003 R2. Not much of this around? From 14 July 2015, this version is no longer receiving security updates and as such is vulnerable to any flaws found since that date. According to Grantek:
https://grantek.com/windows-server-2003-still-alive-but-not-well/

There are still around 600,000 IIS 6.0 web servers on 2003 out there facing the Internet, with a vulnerability which allows cybercriminals to generate Monero cryptocoins on these vulnerable servers. The vulnerability CVE-2017-1769 was discovered by Zhiniang Peng and Chen Wu in March 2017. The only solution? Upgrade to a supported version of Windows Server, and patch frequently!

*CVE is the abbreviation for Common Vulnerabilities and Exposures.

Stay safe,
Terry Griffin, DDLS Principal Technologist: Security