Maximize your protection, eliminate business risks.
Optimize and modernize with cloud transformation.
Empower your people to work securely from anywhere.
What it takes to convince leadership that migrating to the cloud is the right move.
Let us handle IT so you can focus on growing your business.
Get multichannel 24/7/365 expert end-user support.
Stay ahead of attacks with 24/7 protection and monitoring.
Maximize uptime with with industry-leading DRaaS.
Improve efficiency, productivity and outcomes with cloud.
Ensure all mobile devices, everywhere, are secure.
Gain a competitive edge with strategic IT solutions.
This battle-tested checklist enables your team to swiftly initiate a ransomware response.
IT for businesses of all sizes, in any industry.
Empower institution growth with custom IT solutions.
Ensure your firm is always in compliance.
Improve patient care and staff morale.
Deal with pressing legal matters, not IT.
Keep up with the evolving digital landscape.
Focus on your mission by outsourcing IT.
Accelerate PE client deals and secure data.
Leverage your technology as a strategic asset.
Execute initiatives and develop IT strategies.
Get the latest industry insights and trends.
Join us at events in person and online.
Hear from clients and learn more about strategic IT.
See how Dataprise can make IT your greatest asset.
Get informative technical resources from IT experts.
Stay on stop of emerging cybersecurity threats.
Discover the key areas of DR your organization needs to address to ensure downtime is minimized.
Gain a strategic asset by bringing harmony to IT.
Ensure 24/7 support and security with dedicated teams.
Drive business forward by partnering with Dataprise.
Meet our one-of-a-kind leadership team.
Discover the recognition Dataprise has earned.
Help us help businesses with strategic IT.
Embracing different perspectives and backgrounds.
Find a Dataprise location near you.
Dataprise is committed to empowering more women to consider a career in technology.
Posts
By: Dataprise
Table of content
In an advisory released by Redhat (informed by researchers at Qualys) on July 20, 2021 via their website, a vulnerability in the Linux kernel file system that allows attackers to gain root privileges has been disclosed. This vulnerability is a Local Privilege Escalation (LPE) vulnerability. This exploit has been named Sequoia and is being tracked as CVE-2021-33909. Though this vulnerability can only be exploited locally, Dataprise still considers this a HIGH severity incident because an attacker can gain root privileges on a vulnerable host. All Linux kernel versions from 2014 (Linux 3.16) onwards are vulnerable.
In this local privilege escalation vulnerability, CVE-2021-33909, fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05. This vulnerability allows an attack against the Linux kernel. An unprivileged local attacker can exploit this vulnerability by creating, mounting and deleting a deep directory structure whose total path length exceeds 1GB, A successful attack results in privilege escalation. This vulnerability affects a wide range of Linux distributions, including RedHat, Debian, Ubuntu and many other. Redhat has developed a patch for this vulnerability. It is advised to apply the patches/upgrade the Linux packages for this vulnerability.
Ars Technica provides the following summary of how the exploit works:
<p< p=””>
</p<>
INSIGHTS
Subscribe to our blog to learn about the latest IT trends and technology best practices.