Security firm Qualys has disclosed three flaws (CVE-2018-16864, CVE-2018-16865, and CVE-2018-16866 ) in a component of
The flaws reside in the
Both CVE-2018-16864 and CVE-2018-16865 bugs are memory corruption vulnerabilities, while the CVE-2018-16866 is an out of bounds issue that can lead to an
Security patches for the three vulnerabilities are included in
“CVE-2018-16864 was introduced in April 2013 (
Qualys experts were working on an exploit for another Linux vulnerability when noticed that passing several megabytes of command-line arguments to a program that calls
“CVE-2018-16865 was introduced in December 2011 (
The experts developed a PoC exploit for both CVE-2018-16865 and CVE-2018-16866 that is able to obtain a local root shell in 10 minutes on i386 and 70 minutes on amd64, on average. They plan to publish the exploit code in the near future.
In an attack scenario against a Linux box, the CVE-2018-16864 can be exploited by
The CVE-2018-16865 was found by the experts because surprised by the heavy usage of
The CVE-2018-16866 flaw appeared in June 2015 (v221) and was fixed inadvertently in August 2018.
“We discovered an out-of-bounds read in
The security firm acknowledged
(SecurityAffairs – Linux, hacking)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.