Lucene search

K
thnSwati KhandelwalTHN:04F5FC12455795F06BC21F5C803FA77E
HistoryDec 07, 2016 - 4:41 a.m.

5-Year-Old Linux Kernel Local Privilege Escalation Flaw Discovered

2016-12-0704:41:00
Swati Khandelwal
thehackernews.com
184

0.0004 Low

EPSS

Percentile

7.9%

5-Year-Old Linux Kernel Local Privilege Escalation Flaw Discovered

A 5-year-old serious privilege-escalation vulnerability has been discovered in Linux kernel that affects almost every distro of the Linux operating system, including Redhat, and Ubuntu.

Over a month back, a nine-year-old privilege-escalation vulnerability, dubbed “Dirty COW,” was discovered in the Linux kernel that affected every distro of the open-source operating system, including Red Hat, Debian, and Ubuntu.

Now, another Linux kernel vulnerability (CVE-2016-8655) that dates back to 2011 disclosed today could allow an unprivileged local user to gain root privileges by exploiting a race condition in the af_packet implementation in the Linux kernel.

Philip Pettersson, the researcher who discovered the flaw, was able to create an exploit to gain a root shell on an Ubuntu 16.04 LTS system (Linux Kernel 4.4) and also defeated SMEP/SMAP (Supervisor Mode Execution Prevention/Supervisor Mode Access Prevention) protection to gain kernel code execution abilities.

In other words, a local unprivileged attacker can use this exploit to cause a denial of service (crashing server) or run arbitrary malicious code with administrative privileges on the targeted system.

> “A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets implementation in the Linux kernel networking subsystem handled synchronization while creating the TPACKET_V3 ring buffer,” Red Hat security advisory explains.

> “A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) could use this flaw to elevate their privileges on the system.

This threat creates a potential danger for service providers to have their servers crashed or hacked through this Linux kernel vulnerability.

_“On Android, processes with gid=3004/AID_NET_RAW are able to create AF_PACKET sockets (mediaserver) and can trigger the bug,” _Pettersson explains.

The vulnerability was patched in the mainline kernel last week, so users are advised to update their Linux distro as soon as possible.