CentOS Exploit Security Advisories

Published: 2025-11-06 14:32:04 | Author: guest | Category: Hosting News

Common CentOS Exploits and Security Advisories

1. Dirty Cow Privilege Escalation Vulnerability

Impact: A race condition in the Linux kernel’s Copy-on-Write (CoW) mechanism allows local attackers to gain root privileges by modifying read-only memory.
Versions Affected: CentOS 4/5/6/7 (older kernels).
Detection: Run uname -r to check the kernel version; if below 2.6.31-rc6 or 2.4.37.5, the system is vulnerable.
Mitigation: Upgrade to a patched kernel (≥2.6.31-rc6), apply kernel hardening (e.g., Grsecurity/PaX with KERNEXEC), or restrict pppox, bluetooth, and other modules via /etc/modprobe.conf (e.g., install pppox /bin/true) and reboot.

2. Pkexec Setuid Privilege Escalation

Impact: Improper argument handling in pkexec (a setuid tool for privilege escalation) lets attackers execute arbitrary commands as root.
Versions Affected: CentOS 6, 7, 8 (prior to fixed versions).
Detection: Check the version of the polkit package, which provides pkexec, via rpm -q polkit; if outdated, the system is at risk.
Mitigation: Upgrade pkexec via yum update polkit or apply a patch from the vendor. Disable pkexec if not needed by removing its setuid bit (chmod 0755 /usr/bin/pkexec).

3. Sudo Remote Code Execution (CVE-2021-3156)

Impact: A heap-based buffer overflow in sudo (1.8.9–1.8.23) allows attackers to execute arbitrary code via crafted environment variables.
Versions Affected: CentOS 7 (sudo 1.8.23 and earlier).
Detection: Run sudo --version; if the version is within the affected range, apply updates immediately.
Mitigation: Upgrade sudo to a patched version (≥1.9.17p1 for CentOS 7) via yum update sudo. Restrict sudo access to trusted users and commands (edit /etc/sudoers to avoid ALL=(ALL)).

4. Netfilter/nf_tables Use After Free (CVE-2024-1086)

Impact: A use-after-free flaw in the nf_tables subsystem enables local attackers to escalate privileges and deploy ransomware (e.g., LockBit).
Versions Affected: CentOS 7/8 (kernel < 6.1.77).
Detection: Run uname -r to check the kernel version; if below 6.1.77, the system is vulnerable.
Mitigation: Upgrade the kernel to ≥6.1.77 via yum update kernel. Apply SELinux policies to restrict nf_tables access and monitor logs for suspicious activity (e.g., grep nf_tables /var/log/secure).
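
The detection steps in sections 3 and 4 compare version numbers; RPM packages also record fixed CVE ids in their changelog, which covers fixes the distribution backported without changing the upstream version. The script below is an added example, not part of the original article: it searches that changelog for the CVE ids named above, and its function names, status strings and sample changelog text are constructed for illustration.

```sh
#!/bin/sh
# Added example: look for a CVE id in an RPM changelog.
# Function names and status strings are this example's own.

# cve_listed CVE_ID: reads changelog text on stdin; succeeds only on a
# whole-word match, so CVE-2021-3156 does not match CVE-2021-31560.
cve_listed() {
    grep -qwF -- "$1"
}

# check_pkg PKG CVE_ID [CHANGELOG_TEXT]
# Prints "PKG CVE_ID STATUS"; returns 0 = listed, 1 = not listed, 2 = no data.
# Without CHANGELOG_TEXT it queries the installed package via rpm.
check_pkg() {
    cp_pkg=$1; cp_cve=$2
    if [ $# -ge 3 ]; then
        cp_log=$3
    elif ! cp_log=$(rpm -q --changelog "$cp_pkg" 2>/dev/null); then
        echo "$cp_pkg $cp_cve NO-DATA"   # package absent or rpm unavailable
        return 2
    fi
    if printf '%s\n' "$cp_log" | cve_listed "$cp_cve"; then
        echo "$cp_pkg $cp_cve FIX-LISTED"
    else
        echo "$cp_pkg $cp_cve NOT-LISTED"
        return 1
    fi
}

# audit_live: the two CVE ids from sections 3 and 4, against this host.
# The kernel query targets the running kernel's package, not every installed one.
audit_live() {
    check_pkg sudo CVE-2021-3156
    check_pkg "kernel-$(uname -r)" CVE-2024-1086
}

# Constructed sample changelog text (not taken from a real package).
SAMPLE_LOG='* Tue Jan 26 2021 Example Maintainer <maint@example.com> - 1.8.23-0.example2
- Resolves: CVE-2021-3156 (constructed entry)
* Mon Jan 04 2021 Example Maintainer <maint@example.com> - 1.8.23-0.example1
- Rebuild (constructed entry)'

if [ "${1:-}" = "--live" ]; then
    audit_live
else
    check_pkg sudo CVE-2021-3156 "$SAMPLE_LOG"
    check_pkg sudo CVE-2024-1086 "$SAMPLE_LOG" || true
fi
```

Run it with --live on a CentOS host to query the installed sudo package and the running kernel's package. A NOT-LISTED result only means the changelog does not mention the id, so confirm against the vendor advisory before drawing a conclusion.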

5. XZ Utils Backdoor (CVE-2024-3094)

Impact: A malicious backdoor in XZ Utils (a compression library) allows attackers to execute arbitrary code during package installation.
Versions Affected: CentOS 8/Stream 8 (XZ Utils ≤5.6.0).
Detection: Run rpm -qa xz to check the version; if ≤5.6.0, the package is vulnerable.
Mitigation: Remove the vulnerable package (yum remove xz) and reinstall from trusted repositories. Monitor system logs for unusual compression-related activities.

General Security Recommendations

  • Timely Updates: Regularly run sudo yum update --security to apply critical patches. Enable automatic updates for security fixes.
  • Firewall Configuration: Use firewalld or iptables to restrict inbound/outbound traffic (e.g., allow only SSH on port 22).
  • SELinux Enforcement: Enable SELinux in enforcing mode (setenforce 1) to limit process privileges.
  • Minimal Installation: Avoid installing unnecessary packages to reduce the attack surface.
  • Monitoring & Scanning: Use tools like OpenVAS or Lynis to scan for vulnerabilities and monitor system logs for suspicious behavior.

For CentOS 7 users, note that official support ended in June 2024. Migrate to supported distributions (e.g., Rocky Linux 9, AlmaLinux 9) to receive ongoing security updates and reduce risks.
