27 May 2019

CVE-2019-11815: Experts discovered a privilege escalation vulnerability in the Linux Kernel

Written by ganesh lakariya

Red Hat engineers and experts discovered a memory corruption vulnerability in the Linux kernel: a flaw in the implementation of RDS (Reliable Datagram Sockets) over TCP. The flaw affects Red Hat, Ubuntu, Debian and SUSE, and security advisories have been issued for all of them.

This flaw could enable an attacker to compromise a system, and it could be exploited by any remote attacker over the network with no privileges required. No user interaction is required either.

Exploiting the vulnerability could:

  • Allow unauthorized disclosure of information
  • Allow unauthorized modification
  • Allow disruption of service

These could trigger a DoS (Denial of Service) condition.

The vulnerability, tracked as CVE-2019-11815, could lead to privilege escalation. It only affects Linux kernels prior to 5.0.8 that use the Reliable Datagram Sockets (RDS) for TCP module.

“According to security experts a system that has the rds_tcp kernel module loaded either manually or automatically by a local process, could potentially allow an attacker to manipulate the socket state based on a Use-After-Free (UAF) condition, trigger the memory corruption and privilege escalation on the target system”, reads the security advisory published by the NIST.

Previous similar vulnerabilities:

  1. MiTM vulnerabilities leading to code execution patched in APT
    In January, a code execution flaw was found in the APT high-level package manager. This vulnerability was described as a ‘content injection in http method’ and was tracked as CVE-2019-3462; it allows a man-in-the-middle attack. An attacker could execute code with root privileges on the victim’s system.

  2. A similar kind of issue was discovered by Google Project Zero’s Jann Horn in December 2016 and was later patched.

What should you do?

The problem has been patched in version 5.0.8 of the Linux kernel, so users can upgrade to a later kernel version.

If you can’t upgrade, or if you don’t want to deal with kernel compilations and dependencies, you may blacklist the “rds.ko” module.

Note: Right now, there have been no known cases of exploitation, and security experts consider this vulnerability very complicated to exploit, but upgrading the Linux kernel version is the only preventive step, so admins and users should upgrade.
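To triage a host against the guidance above, the following script (an added example, not from the original post or any vendor advisory) compares the kernel release with the 5.0.8 fix version cited in the article, checks a `/proc/modules` listing for `rds` and `rds_tcp`, and looks for a modprobe.d rule that blocks `rds`. The function names and verdict strings are assumptions made for this example; distribution kernels often backport fixes without changing the upstream version number, so treat the version check as a first pass and confirm against your vendor's advisory.

```shell
#!/bin/sh
# Added example (not from the original post): CVE-2019-11815 exposure triage.
FIXED="5.0.8"   # first fixed upstream kernel, as stated in the article

# Exit 0 if the kernel release in $1 is older than $FIXED.
kernel_is_older() {
    v=${1%%[!0-9.]*}            # 4.15.0-50-generic -> 4.15.0
    [ "$v" = "$FIXED" ] && return 1
    lowest=$(printf '%s\n%s\n' "$v" "$FIXED" |
        sort -t. -k1,1n -k2,2n -k3,3n | head -n1)
    [ "$lowest" = "$v" ]
}

# Print RDS modules listed in a /proc/modules-format file ($1).
rds_modules_loaded() {
    awk '$1 == "rds" || $1 == "rds_tcp" { print $1 }' "$1" 2>/dev/null
}

# Exit 0 if a modprobe.d directory ($1) blocks the rds module.
# "blacklist rds" only stops alias-based autoloading; an "install" override
# also stops explicit and dependency loads (e.g. when rds_tcp pulls in rds).
rds_blocked() {
    grep -Eqs '^[[:space:]]*(blacklist[[:space:]]+rds|install[[:space:]]+rds[[:space:]]+/bin/(true|false))[[:space:]]*$' \
        "$1"/*.conf
}

# assess KERNEL_RELEASE MODULES_FILE MODPROBE_DIR -> one verdict word
assess() {
    if ! kernel_is_older "$1"; then
        echo "not-affected-upstream"
    elif [ -n "$(rds_modules_loaded "$2")" ]; then
        echo "affected-rds-loaded"
    elif rds_blocked "$3"; then
        echo "mitigated-rds-blocked"
    else
        echo "affected-rds-loadable"
    fi
}

# Verdict for the local host.
assess "$(uname -r)" /proc/modules /etc/modprobe.d
```

A verdict of `affected-rds-loaded` means the module is already resident, so a modprobe.d rule alone does not help until the module is unloaded or the host is rebooted.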

 

Reference:

https://nvd.nist.gov/vuln/detail/CVE-2019-11815

https://access.redhat.com/security/cve/cve-2019-11815

 

Analysis by:

Swapnil Nigade and Ganesh Lakariya (Security Labs-QA)
