It was discovered the vulnerability in Linux kernel (CVE-2017-6074), which allows unprivileged local user to execute some code with root rights.
This vulnerability is actual for all kernels with DCCP option support, from the 2.6.14 to the 4.9.11 versions inclusive, which were builded with CONFIG_IP_DCCP option.
In most cases, dccp is disabled in kernel and it can be connected like a module. You need to disable dccp in your system.

How to verify and correct:

1) lsmod | grep dccp
If command’s output is empty, it means that module is not used and you need go to pt. 2. If the module is presented, try to disable it with rmmod dccp. If output of “lsmod | grep dccp” is empty after disabling, go to pt. 2. If you can’t turn the module off, there is only one solution – updating the kernel.

2) Try to load the module with “modprobe dccp” command.
If it can’t load and output of “lsmod | grep dccp” is empty, then there is not module in your system and your server is not affected by the vulnerability.

3) Disable the module and block it’s loading:
rmmod dccp
echo install dccp /bin/false > /etc/modprobe.d/blacklist.conf

After these steps, output of command modprobe dccp will generate error.

Leave a Reply

Your email address will not be published. Required fields are marked *