A bug has been found in the Linux kernel that could allow an authenticated but unprivileged local user to gain write access to otherwise read-only memory and escalate their privileges on the system.
Opengear Data Center, Remote Site and Centralized Management products have been found to be vulnerable.
To mitigate, ensure unprivileged users are not granted CLI access. Users are granted CLI access only if they have been made members of the users group. In firmware 3.16.6 and later, users may also be granted CLI access via membership of a custom group that has the "Basic management privileges via shell and WebUI" role. To revoke CLI access for these users, add them to the pmshell group, which forces their shell to portmanager rather than the CLI.
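To audit which accounts still have CLI access under the rules above, the following added example (not Opengear code) lists members of users, plus any custom groups you name, who are not in pmshell. It assumes the group and passwd files use the standard Linux formats; the script cannot tell which custom groups carry the shell role, so you must name them, and `netops` and the sample accounts are constructed.

```shell
#!/bin/sh
# Added example, not vendor code. Assumes standard group(5)/passwd(5) formats.

# cli_access_users GROUP_FILE PASSWD_FILE [CUSTOM_GROUP...]
# Prints (sorted) every account that belongs to "users" or a named custom
# group and does NOT belong to "pmshell". Both supplementary membership
# (group file) and primary membership (passwd gid field) are counted.
cli_access_users() {
    group_file=$1; passwd_file=$2; shift 2
    awk -F: -v grant="users $*" '
        function mark(grp, user) {
            if (grp == "pmshell") revoked[user] = 1
            else if (grp in want) granted[user] = 1
        }
        BEGIN { n = split(grant, g, " "); for (i = 1; i <= n; i++) want[g[i]] = 1 }
        # First file: name:passwd:gid:member,member,...
        FNR == NR {
            gid_name[$3] = $1
            m = split($4, mem, ",")
            for (i = 1; i <= m; i++) if (mem[i] != "") mark($1, mem[i])
            next
        }
        # Second file: field 4 is the primary gid of the account in field 1
        ($4 in gid_name) { mark(gid_name[$4], $1) }
        END { for (u in granted) if (!(u in revoked)) print u }
    ' "$group_file" "$passwd_file" | sort
}

# Constructed sample data (not taken from a real device).
write_sample() {
    printf '%s\n' 'users:x:100:bob,carol,dave' 'pmshell:x:101:carol' \
        'netops:x:102:frank' > "$1/group"
    printf '%s\n' 'bob:x:1001:1001::/home/bob:/bin/sh' \
        'carol:x:1002:1002::/home/carol:/bin/sh' \
        'dave:x:1003:101::/home/dave:/bin/sh' \
        'frank:x:1005:1005::/home/frank:/bin/sh' \
        'grace:x:1006:100::/home/grace:/bin/sh' > "$1/passwd"
}

sample_dir=$(mktemp -d)
write_sample "$sample_dir"
cli_access_users "$sample_dir/group" "$sample_dir/passwd" netops
rm -r "$sample_dir"
```

Any account the script prints that should not have a shell is a candidate for the pmshell group.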
Opengear will release firmware to fix this bug as part of our regular release cycle.
More information on the vulnerability can be found at: https://dirtycow.ninja/