Security Bulletin: Linux kernel privesc Dirty COW vulnerability affects IBM Tivoli Netcool Impact (CVE-2016-5195)

Summary

A vulnerability in the Linux kernel privesc impacts IBM Tivoli Netcool Impact on Linux platform.

Vulnerability Details

CVEID: CVE-2016-5195
Description: Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by a race condition when handling the copy-on-write (COW) breakage of private read-only memory mappings by the memory subsystem. An attacker could exploit this vulnerability to gain write access to read-only memory mappings and elevated privileges on the system.
Note: This vulnerability is known as the Dirty COW bug.
CVSS Base Score: 8.400
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/118170&gt; for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

This is a privilege escalation vulnerability affecting all-vendor Linux kernels for the last 10+ years.

This is noteworthy as an exploit using this flaw has been found in the
wild. Sending to this list as it hasn’t gained much attention yet and you
may have environments where privilege escalations are of concern.

More details <https://bugzilla.redhat.com/show_bug.cgi?id=1384344&gt;
<https://access.redhat.com/security/vulnerabilities/2706661&gt;

-—Some Additional Details

Red Hat indicated that the Dirty COW vulnerability (CVE-2016-5195) has been exploited in the wild. Exploit code has been made available on the Internet. Since this vulnerability deals with a Linux kernel issue, a number of different distributions are affected. A partial list includes Red Hat, Debian, Ubuntu, Gentoo, SUSE, Mageia, as well as potentially others. An advisory, published by Security Focus, lists the various kernel versions believed to be vulnerable to this local privilege escalation vulnerability. We advise monitoring your distribution’s web site for a new kernel release and updating as soon as it is available.

<https://github.com/dirtycow/dirtycow.github.io/blob/master/dirtyc0w.c&gt;
<https://access.redhat.com/security/vulnerabilities/2706661&gt;
<https://access.redhat.com/security/cve/CVE-2016-5195&gt;
<https://bugzilla.redhat.com/show_bug.cgi?id=1384344&gt;
<https://security-tracker.debian.org/tracker/CVE-2016-5195&gt;
<https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5195.html&gt;
<https://bugs.gentoo.org/show_bug.cgi?id=CVE-2016-5195&gt;
<https://bugzilla.novell.com/show_bug.cgi?id=CVE-2016-5195&gt;
<https://advisories.mageia.org/&gt;
<https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619&gt;
<http://www.securityfocus.com/bid/93793&gt;
<https://dirtycow.ninja/&gt;

Affected Products and Versions

Principal Product and Version(s)

| Affected Platform(s)
—|—
IBM Tivoli Netcool Impact 6.1.x
IBM Tivoli Netcool Impact 7.1.x| Since this vulnerability deals with a Linux kernel issue, a number of different distributions are affected. A partial list includes Red Hat, Debian, Ubuntu, Gentoo, SUSE, Mageia, as well as potentially others.

Remediation/Fixes

Principal Product and Version(s)

| Affected Platform(s)
—|—
IBM Tivoli Netcool Impact 6.1.x
IBM Tivoli Netcool Impact 7.1.x| Find out more about CVE-2016-5195 from the MITRE CVE dictionary.