NTFS-3G (Debian < 9) local privilege escalation vulnerability (CVE-2017-0358) exploit has just been released to the public. The level of severity this exploit provides is extremely high due to the fact that hackers can be granted root access instantly. When the local root exploit is executed on a vulnerable server, the user will be given access to full control of the server, allowing them to not only just upload a malicious virus, but basically do whatever they like.
In response to the release of this exploit, Debian has officially released a patch taken control of the situation and problem. Issue solved right? Wrong. Many people will be ignorant and completely unaware of the exploit and patch, and therefore they may delay updating their Operating Systems and will leave them prone to attackers gaining root access on their systems.
A PoC by Kristian Erik Hermansen has also been released earlier today. The POC has been tested on a Debian 9 (Stretch) Operating System. As the Exploit is executed, it simply:
- Gathers server environment information
- Creates a kernel hijack directory
- Creates a Symlink
- Builds a Kernel Module
- Grants you root access
According to Kristian Erik Hermansen, Debian 9 is not the only version of Debian to be vulnerable to the exploit. Debian 8 and Debian 7 along with Ubuntu, Gentoo and many other operating systems are vulnerable too. We advise anyone with the listed Operating Systems to install the patches and/or upgrade to the latest versions to avoid falling victim to this exploit.
Leave a Reply