>_COMMAND ZERO
medium
Single Answer
0

Jared's organization runs Linux servers, and recent vulnerability scans show that the servers are vulnerable to an issue that is described as follows: CVE-2018-5703: tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.14.11 allows attackers to cause a denial of service (slab out-of-bounds write). What is Jared's best option to remediate a kernel vulnerability like this?

Answer Options

A

Patch the application.

B

Install a HIPS with appropriate rules.

C

Segment the systems away from the Internet to reduce risk.

D

Patch the operating system.

Correct Answer: D

Explanation

The Linux kernel is part of the operating system and needs to be handled with an OS patch. There is no application to patch, installing a HIPS might help, but the issue is dated 2018, meaning that a patch likely exists. If there wasn't a patch and this was a new vulnerability, segmentation might be a useful immediate response to reduce risk.