
BlueBorne kernel security vulnerability (CVE-2017-1000251)

Posted: 2017/09/12 19:37:19
by hunter86_bg
Hi guys,

it seems that a new CVE was found. A new kernel is provided, kernel-3.10.0-693.2.2.el7.x86_64.rpm, but as it will take time to hit CentOS, it seems that the only way to stay safe is per the following Vulnerability Page:
Mitigation

Generally kernel stack memory corruption could be easily leveraged to execute arbitrary code with kernel ring 0 (i.e. root) privileges on a system. RHEL kernels are hardened with gcc compile time options which protect against such memory corruption. The gcc -fstack-protector option adds a canary value at the beginning of a function and before the function return address. The -fstack-protector-strong extends the canary protection around local stack variables including arrays of any type and length. While copying data to these stack variables, the kernel validates the canary value to detect any memory corruption and thwarts the impending attack by a kernel panic.
The Bluetooth kernel modules (bluetooth, btusb, bnep) are automatically loaded when the system boots and the Bluetooth service is enabled. The kernel modules can be prevented from being loaded by using system-wide modprobe rules. Run the following commands to blacklist the Bluetooth modules, thus preventing them from loading if Bluetooth hardware is present:

# echo "install bnep /bin/true" >> /etc/modprobe.d/disable-bluetooth.conf
# echo "install bluetooth /bin/true" >> /etc/modprobe.d/disable-bluetooth.conf
# echo "install btusb /bin/true" >> /etc/modprobe.d/disable-bluetooth.conf

Additionally, once the kernel modules are disabled, if you have the bluez (Bluetooth utilities) package installed you will want to have the Bluetooth service disabled at startup. On RHEL 7 execute the following commands as root:

# systemctl disable bluetooth.service
# systemctl mask bluetooth.service
# systemctl stop bluetooth.service


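A check for the module half of the mitigation quoted above, as an added example that is not part of the original post or of the Red Hat page. The `install <module> /bin/true` rules only stop later modprobe loads, so a module that was already loaded stays in the kernel until it is unloaded or the host reboots; the script reports both conditions. The function names and the `MISSING-RULE` / `STILL-LOADED` labels are made up for this example.

```shell
#!/bin/sh
# Audit the Bluetooth module mitigation: each module needs an
# "install <module> /bin/true" rule AND must not be loaded right now.
# Directory and file are parameters so copies collected from other
# hosts can be checked too (defaults are the live system paths).

BT_MODULES="bnep bluetooth btusb"

# has_install_rule MODULE CONF_DIR -> 0 if an uncommented rule exists
has_install_rule() {
    grep -Eqs "^[[:space:]]*install[[:space:]]+$1[[:space:]]+/bin/true[[:space:]]*$" "$2"/*.conf
}

# is_loaded MODULE MODULES_FILE -> 0 if the module name is the first
# field of a line in a /proc/modules style listing
is_loaded() {
    awk -v m="$1" '$1 == m { found = 1 } END { exit !found }' "$2"
}

# audit_bluetooth [CONF_DIR] [MODULES_FILE]
# Prints one finding per line and returns the number of findings
# (0 means the rules are in place and nothing is loaded).
audit_bluetooth() {
    conf_dir=${1:-/etc/modprobe.d}
    modules_file=${2:-/proc/modules}
    findings=0
    for mod in $BT_MODULES; do
        if ! has_install_rule "$mod" "$conf_dir"; then
            echo "MISSING-RULE $mod"
            findings=$((findings + 1))
        fi
        if is_loaded "$mod" "$modules_file"; then
            echo "STILL-LOADED $mod"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Usage on a live host (as root or any user that can read both paths):
#   audit_bluetooth || echo "Bluetooth mitigation incomplete"
```

A `STILL-LOADED` finding on a host that already has the rules means the modules were loaded before the rules were written.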

Re: BlueBorne kernel security vulnerability (CVE-2017-1000251)

Posted: 2017/09/13 16:48:51
by toracat
Thanks for the heads up. kernel-3.10.0-693.2.2.el7 should be available now (or shortly) with the release of CentOS 7.4.1708.