Tuesday, September 2, 2014

Security Issue: RHEL glibc based privilege escalation (CVE-2014-5119, Important)

There is a flaw in glibc that can allow a local unprivileged user to gain root on Red Hat Enterprise Linux machines.

A public exploit has been released on August 25th. This issue is tracked as CVE-2014-5119 in the MITRE Common Vulnerabilities and Exposures (CVE) database. The issue can not be blocked by our security technologies (such as SELinux). This issue affects the version of glibc as shipped with Red Hat Enterprise Linux 5, 6 and 7.

Please update your glibc to the latest version. Check the errata RHSA-2014:1110-1 for the glibc that matches your operating system version.

See this KCS article for more detail: https://access.redhat.com/solutions/1176253

No comments: