Security Vulnerability Mutagen Astronomy
September 28, 2018

Security Vulnerability: Mutagen Astronomy

Operating Systems

A new proof of concept has been published that applies to the Linux kernel. Known as Mutagen Astronomy, the vulnerability affects Linux system kernels published between July 2007 and July 2017. The issue was assigned CVE-2018-14634 and details a type of privilege escalation caused by the create_elf_tables() function found in RHEL, CentOS, and Debian systems.

The way it works is an attacker who has access to the target system can run an exploit that causes buffer overflow, which then allows further execution of malware to obtain administrative access to the system. Privilege escalation to root is achieved by exploiting a SUID-root binary. It’s important to note that this vulnerability only affects 64bit systems as 32bit systems don’t have the necessary memory space to allow the vulnerability to execute. It’s also unlikely that any systems with less than 32GB of RAM are susceptible to the exploit according to Qualys.

Kernels ranging from 2.6.x, 3.10.x, and 4.14.x are all potentially exploitable. Other Linux distros have patched this issue, but it’s Red Hat, CentOS, and Debian 8 that are still vulnerable, and all three happen to be among the most popular choices for enterprise and business.

We can only advise that you keep an eye out for any updates and patch them immediately when they come out. Proof of concept articles can be found here:

Get the latest updates in open source news with OpenLogic's weekly newsletter.