The cybersecurity researchers at Qualys has invented a local privilege escalation (LPE) hazards in Linux’s filesystem which permits hackers to root access on current distros, such as Ubuntu, Debian, and Fedora. The security analysts at Qualys have labelled this defect as “Sequoia,” and tracked it with CVE ID: CVE-2021-33909.
Sequoia is recognized in the Linux Kernel’s filesystem and is make use of all the Linux OS in order to control the users data. In consonance with Qualys security researchers if a penurious hacker generates, organizes or deletes a directory whose structure size beyonds 1GB the Sequoia bug exist in the Linux OS filesystem, admitting any impoverished account to run code with root privileges.
“Qualys security researchers have been able to independently verify the vulnerability, develop an exploit, and obtain full root privileges on default installations of Ubuntu 20.04, Ubuntu 20.10, Ubuntu 21.04, Debian 11, and Fedora 34 Workstation. Other Linux distributions are likely vulnerable and probably exploitable,” Bharat Jogi, Sr. Manager, Vulnerabilities and Signatures, Qualys wrote in a blog post.
The researchers stated that the Linux Kernel Versions since 2014 are vulnerable.
To justify it, the researchers at Qualys have claimed that on the default installations of the major distros like, Ubuntu 20.04, Ubuntu 20.10, Ubuntu 21.04, Debian 11, and Fedora 34 Workstation they have managed to gain root privileges after they successfully exploited the flaw.
Together with this defect, professionals at Qualys has invented another one tracked as CVE-2021-33910. This flaw is found in all versions of systemd and attacking all the systemd versions released.