Enterprises using Linux for their cloud or data center servers may be faced with a larger threat from advanced security attackers in the near future. Based on the Linux Foundation’s estimates back in 2014, 75% of enterprises reported using Linux for the cloud and 79% for application deployments.
In mid-August this year, Mr. Wei Wu, an academic from the Chinese Academy of Sciences and Pennsylvania State University, unveiled an automated technique for generating ROP chain exploits against the Linux kernel at the 24th annual USENIX Security Symposium. The technique utilized, known as KEPLER, enables the operator to automatically evaluate ???control flow hijackable??? CVE’s to generate tens of thousands of exploit chains, a necessary ingredient for the creation of full ROP chain attacks. Of 19 CVEs evaluated, KEPLER was successful in automating the creation of exploit chains for 17 of them, vastly surpassing existing tools.