Protecting against CVE-2018-14634 (Mutagen Astronomy)

A new exploit named Mutagen Astronomy, rated at severity 7.8, affects the major Linux distributions Red Hat Enterprise Linux, Debian 8 and CentOS. Mutagen Astronomy exploits an integer overflow vulnerability in the Linux kernel and gives root access (admin privileges) to unauthorized users on the targeted server. The exploit affects Linux kernel versions dating from July 2007 to July 2017. The flaw lives in the kernel itself: the memory tables built by the create_elf_tables() function can be manipulated to overflow. Once the overflow has been triggered, the attacker can take over the server.

As mentioned, this vulnerability is present in the Red Hat, Debian 8 and CentOS distributions, but it affects only 64-bit versions, as the 32-bit versions do not have the address space needed for the overflow. Beyond the 64-bit requirement, the exploit is also limited to Linux kernel versions 2.6.x, 3.10.x and 4.14.x. (Read our article How To Check the Kernel Version to see which version you are running.) A proof of concept was reported on August 31, 2018, and although the fix, a one-year-old patch, was backported to most LTS (long-term support) kernels, CentOS and Debian 8 remain vulnerable.

Red Hat has recently released a patch, and updating to kernel-3.10.0-862.14.4.el7.x86_64.rpm will keep you safe from Mutagen Astronomy. Unfortunately, the CentOS and Debian 8 distributions have not yet released a patch for the Mutagen Astronomy vulnerability, but stay tuned: we will update this article once information is released.
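To check a host against the fixed build named above, the following added example (not part of the original article) compares the running kernel release with 3.10.0-862.14.4.el7 and applies the 64-bit restriction. The function names `ver_ge` and `assess_kernel` are hypothetical, and the comparison assumes GNU `sort -V` orders the numeric release fields the same way the package manager does.

```shell
#!/bin/sh
# Added example: classify a kernel using only the facts stated in this article.
# FIXED_EL7 is the patched Red Hat build named above, without the .el7 suffix.
FIXED_EL7="3.10.0-862.14.4"

# ver_ge A B: succeeds when version A is greater than or equal to version B.
# Assumption: GNU "sort -V" ordering is adequate for these numeric strings.
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# assess_kernel RELEASE ARCH: prints a one-word verdict.
#   RELEASE is the output of "uname -r", ARCH the output of "uname -m".
assess_kernel() {
    release="$1"
    arch="$2"

    # The article limits the issue to 64-bit kernels.
    case "$arch" in
        *64*|s390x) ;;
        *) echo "not-affected-32bit"; return 0 ;;
    esac

    case "$release" in
        3.10.0-*.el7*)
            # 3.10.0-862.14.4.el7.x86_64 -> 3.10.0-862.14.4
            base="${release%%.el7*}"
            if ver_ge "$base" "$FIXED_EL7"; then
                echo "patched"
            else
                echo "vulnerable-update"
            fi
            ;;
        *)
            # The article gives no fixed build for other distributions.
            echo "check-vendor-advisory"
            ;;
    esac
}

# Report on the machine this script runs on.
assess_kernel "$(uname -r)" "$(uname -m)"
```

The verdict reflects the running kernel only, so a host that has installed the update but not yet rebooted still reports `vulnerable-update`.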



    Author Bio

    About the Author: Echo Diaz

    Throughout Echo's four-year stint as a technical support specialist, her passion for breaking down complex concepts has led to a career in professional writing. As a top-tier support specialist, she adds a distinctive element to her written work that speaks to customer feedback and concerns.

    Echo occasionally pops her head out from behind her computer to watch her dog energetically run around the yard and unabashedly shovels money into buying tickets to see her favorite musical artists.
