Security Bulletin: Linux kernel privesc Dirty COW vulnerability affects Tivoli Business Service Manager (CVE-2016-5195)

Summary

A vulnerability in the Linux kernel privesc impacts Tivoli Business Service Manager (TBSM) on Linux platform.

Vulnerability Details

CVEID: CVE-2016-5195
Description: Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by a race condition when handling the copy-on-write (COW) breakage of private read-only memory mappings by the memory subsystem. An attacker could exploit this vulnerability to gain write access to read-only memory mappings and elevated privileges on the system.
Note: This vulnerability is known as the Dirty COW bug.
CVSS Base Score: 8.400
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/118170&gt; for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

This is a privilege escalation vulnerability affecting all-vendor Linux kernels for the last 10+ years.

This is noteworthy as an exploit using this flaw has been found in the
wild. Sending to this list as it hasn’t gained much attention yet and you
may have environments where privilege escalations are of concern.

More details <https://bugzilla.redhat.com/show_bug.cgi?id=1384344&gt;
<https://access.redhat.com/security/vulnerabilities/2706661&gt;

-—Some Additional Details

Red Hat indicated that the Dirty COW vulnerability (CVE-2016-5195) has been exploited in the wild. Exploit code has been made available on the Internet. Since this vulnerability deals with a Linux kernel issue, a number of different distributions are affected. A partial list includes Red Hat, Debian, Ubuntu, Gentoo, SUSE, Mageia, as well as potentially others. An advisory, published by Security Focus, lists the various kernel versions believed to be vulnerable to this local privilege escalation vulnerability. We advise monitoring your distribution’s web site for a new kernel release and updating as soon as it is available.

<https://github.com/dirtycow/dirtycow.github.io/blob/master/dirtyc0w.c&gt;
<https://access.redhat.com/security/vulnerabilities/2706661&gt;
<https://access.redhat.com/security/cve/CVE-2016-5195&gt;
<https://bugzilla.redhat.com/show_bug.cgi?id=1384344&gt;
<https://security-tracker.debian.org/tracker/CVE-2016-5195&gt;
<https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5195.html&gt;
<https://bugs.gentoo.org/show_bug.cgi?id=CVE-2016-5195&gt;
<https://bugzilla.novell.com/show_bug.cgi?id=CVE-2016-5195&gt;
<https://advisories.mageia.org/&gt;
<https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619&gt;
<http://www.securityfocus.com/bid/93793&gt;
<https://dirtycow.ninja/&gt;

Affected Products and Versions

Principal Product and Version(s)

| Affected Platform(s)
—|—
Tivoli Business Service Manager 6.1.x| Since this vulnerability deals with a Linux kernel issue, a number of different distributions are affected. A partial list includes Red Hat, Debian, Ubuntu, Gentoo, SUSE, Mageia, as well as potentially others.

Remediation/Fixes

Principal Product and Version(s)

| Affected Platform(s)
—|—
Tivoli Business Service Manager 6.1.x| Find out more about CVE-2016-5195 from the MITRE CVE dictionary.

Workarounds and Mitigations

None