Linux operating system computers running versions prior to 5.0.8 kernel distributions are impacted by a vulnerability exposing systems committed to a wide variety of remote attacks, as reported by information security services experts.
A threat actor could exploit the vulnerability that resides in the rds_tcp_kill_sock kernel’s TCO/IP implementation to generate denial-of-service and remote code execution conditions on compromised Linux computers.
According to information security services specialists, an attack could begin by using a specially designed TCP package in vulnerable Linux boxes to trigger a series of bugs that would allow hackers to remotely execute arbitrary code in the target system.
The vulnerability, tracked as CVE-2019-11815, has been considered critical by experts from various information security services firms and could be exploited by unauthenticated attackers, as well as requiring no user interaction. However, exploiting the vulnerability is highly complex; it received an exploitability score of 2.2, while the impact received a score of 5.9.
On the other hand, according to the report of the Common Vulnerability Scoring System (CVSS), the vulnerability has a high impact of confidentiality, integrity and availability, which means that a potential attacker could access all the resources of the system, modify any file and restrict access to other areas of the compromised system.
According to the specialists from the International Institute of Cyber Security (IICS), this kind of vulnerabilities, known as use-after-free flaws, are generated by attempts to reference to memory after it has been freed, causing several flaws in the operating system, using unexpected values and executing code.
At the end of March, Linux kernel developers launched an update patch for the vulnerability. Early in 2019, a code execution flaw was also corrected that affected the APT’s high-level packet manager employed by Debian, Ubuntu, and some other Linux distributions.