21.Globe RadiatingCode

The Cybersecurity & Infrastructure Security Agency (CISA) added seven new Linux vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog on Friday based on evidence of active exploitation, some of which have been known for a decade:

 

  • CVE-2023-25717: Multiple Ruckus Wireless Products CSRF and RCE Vulnerability 
  • CVE-2021-3560: Red Hat Polkit Incorrect Authorization Vulnerability
  • CVE-2014-0196: Linux Kernel Race Condition Vulnerability
  • CVE-2010-3904: Linux Kernel Improper Input Validation Vulnerability
  • CVE-2015-5317: Jenkins User Interface (UI) Information Disclosure Vulnerability
  • CVE-2016-3427: Oracle Java SE and JRockit Unspecified Vulnerability
  • CVE-2016-8735: Apache Tomcat Remote Code Execution Vulnerability (This flaw exists because a component was not updated to take account of Oracle’s fix for CVE-2016-3427.) 

The Impact

These bugs could result in remote code execution (RCE), privilege escalation attacks, denial of service (DoS) attacks leading to memory corruption and system crashes and the compromise of sensitive information. They have recived National Vulnerability Database (NVD) ratings of "critical" or "high-severity" due to the high confidentiality, integrity and availability impact of these issues.

All of these vulnerabilities are connected to Linux, and may have been leveraged in attacks on Linux systems. The Ruckus product vulnerability has been exploited by a DDoS botnet called AndoryuBot. There do not appear to be any public reports describing exploitation of the other vulnerabilities recently added to CISA’s catalog; however, technical details and proof-of-concept (PoC) exploits are available.

How Can I Protect Against These Vulnerabilities?Cisa

Many Linux distributions have released advisories for these vulnerabiliies to describe impact of these flaws and the availability of patches. LinuxSecurity tracks advisories for fifteen popular Linux disros, and the advisories released for these vulnerabilities can be easily found by searching our site for the specific CVE you are interested in. 

To stay on top of important updates released by the open-source programs and applications you use, be sure to register as a LinuxSecurity user, then subscribe to our Linux Advisory Watch newsletter and customize your advisories for the distro(s) you use. This will enable you to stay up-to-date on the latest, most significant issues impacting the security of your systems.

Follow @LS_Advisories on Twitter for real-time updates on advisories for your distro(s).