Protecting against CVE-2018-14634 (Mutagen Astronomy)
Mutagen Astronomy is a new exploit, rated 7.8 in severity, that affects the major Linux distributions Red Hat Enterprise Linux, Debian 8 and CentOS, on VPS servers as well as dedicated servers. Mutagen Astronomy exploits an integer overflow vulnerability in the Linux kernel and gives root access (admin privileges) to unauthorized users on the targeted server. The exploit affects Linux kernel versions dating from July 2007 to July 2017. The flaw lives in the kernel, where the memory table can be manipulated to overflow using the create_elf_tables() function. After overwhelming the server, the attacker can then take it over.
As mentioned, this vulnerability is present in RedHat, Debian 8 (Debian 9 is not vulnerable), and CentOS 6 and 7, but it is limited to 64-bit versions. The 32-bit versions do not have the address space to overwhelm the server, so no patch is needed. Along with 64-bit versions, the exploit is limited to Linux kernel versions 2.6.x, 3.10.x, and 4.14.x. (Read our article How To Check the Kernel Version to see which version you are running.) A proof of concept was reported on August 31, 2018. Although remediation from a one-year-old patch was backported to most LTS (long-term support) kernels, CentOS and Debian 8 remain vulnerable. Luckily, patches for CentOS 6/7 and RHEL 7 are below, but the world waits for a RHEL 6 and Debian 8 remedy. Check back here for updates as they become available.
CentOS 6 and 7 Patch for Mutagen Astronomy
Step 1: Utilizing SystemTap.
Use SystemTap to extract, filter and summarize data to diagnose performance or functional problems.
yum install systemtap systemtap-runtime
Step 2: Create a File
Using your preferred text editor, create a file named mutagenastronomypatch.stp and copy and paste the following into it:
// CVE-2018-14634
//
// Theory of operations: adjust the thread's # rlimit-in-effect around
// calls to the vulnerable get_arg_page() function so as to encompass
// the newly required _STK_LIM / 4 * 3 maximum.

// Complication: the rlimit is stored in a current-> structure that
// is shared across the threads of the process. They may concurrently
// invoke this operation.

function clamp_stack_rlim_cur:long ()
%{
  struct rlimit *rlim = current->signal->rlim;
  unsigned long rlim_cur = READ_ONCE(rlim[RLIMIT_STACK].rlim_cur);

  unsigned long limit = _STK_LIM / 4 * 3;
  limit *= 4; // multiply it back up, to the scale used by rlim_cur

  if (rlim_cur > limit) {
    WRITE_ONCE(rlim[RLIMIT_STACK].rlim_cur, limit);
    STAP_RETURN(limit);
  } else
    STAP_RETURN(0);
%}

probe kernel.function("copy_strings").call
{
  l = clamp_stack_rlim_cur()
  if (l)
    printf("lowered process %s(%d) STACK rlim_cur to %p\n",
           execname(), pid(), l)
}

probe begin {
  printf("CVE-2018-14634 mitigation loaded\n")
}

probe end {
  printf("CVE-2018-14634 mitigation unloaded\n")
}
Step 3: Run the Script
Lastly, execute the newly created script. The -g option enables guru mode, which the embedded C code in the script requires, and the mitigation is in effect only while the script is running:
stap -g mutagenastronomypatch.stp
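As an added example (not part of the original article or the vendor script), this POSIX shell script lists processes whose soft stack limit is above the 24 MiB value that clamp_stack_rlim_cur() enforces. It assumes _STK_LIM is 8 MiB, its value in the kernel headers; the function names and the sample limits text are constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of the original article or the vendor script).
# _STK_LIM is 8 MiB in the kernel headers; the SystemTap function computes
# _STK_LIM / 4 * 3 and multiplies it by 4, giving a 24 MiB clamp.
STK_LIM=$((8 * 1024 * 1024))
CLAMP=$((STK_LIM / 4 * 3 * 4))   # 25165824 bytes

# Read the text of a /proc/<pid>/limits file on stdin and print the soft
# "Max stack size" value: a byte count or the word "unlimited".
soft_stack_limit() {
    awk '/^Max stack size/ { print $4; exit }'
}

# Return 0 if the script's "rlim_cur > limit" test would lower this value.
would_be_clamped() {
    case "$1" in
        unlimited) return 0 ;;            # RLIM_INFINITY exceeds any limit
        ''|*[!0-9]*) return 2 ;;          # not a limit value
        *) [ "$1" -gt "$CLAMP" ] ;;
    esac
}

# Print "PID VALUE" for each process under DIR (default /proc) whose soft
# stack limit is above the clamp. Unreadable entries are skipped.
audit_proc() {
    audit_dir=${1:-/proc}
    for audit_f in "$audit_dir"/[0-9]*/limits; do
        [ -r "$audit_f" ] || continue
        audit_val=$(soft_stack_limit < "$audit_f") || continue
        if would_be_clamped "$audit_val"; then
            audit_pid=${audit_f%/limits}
            echo "${audit_pid##*/} $audit_val"
        fi
    done
}

# Constructed samples of /proc/<pid>/limits content (not from a real host).
SAMPLE_DEFAULT='Max cpu time              unlimited            unlimited            seconds
Max stack size            8388608              unlimited            bytes'
SAMPLE_RAISED='Max stack size            unlimited            unlimited            bytes'

# Run the audit on the live system only when asked to: sh script.sh --audit
if [ "${1:-}" = "--audit" ]; then audit_proc /proc; fi
```

The probe fires on copy_strings, so a process that has not gone through exec since the SystemTap script was loaded can still show a value above the clamp.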
RHEL 7 Patch for Mutagen Astronomy
Step 1: Log in to your CentOS server
ssh root@ip
Step 2: Yum Updates to the Kernel
yum update kernel
About the Author: Echo Diaz
Throughout Echo's four-year stint as a technical support specialist, her passion for breaking down complex concepts led to a career in professional writing. As a former top tier support specialist, she added a distinctive element to her written work that spoke to customer feedback and concerns. Echo occasionally pops her head out from behind her computer to watch her dog energetically run around the yard and unabashedly shovels money into buying tickets to see her favorite musical artists.