A vulnerability in Linux (CVE-2016-0728) was announced last week which enables users to trivially elevate their privilege level to that of root.
The vulnerability impacts many Linux-based systems, including certain versions of Android, and it is likely to impact embedded device software running on many network devices too.
How about a game of Thermonuclear War?
Whatever flavour of Linux you are running, whether it's in the Cloud or locked in your deepest, darkest server room, this is one issue you want to make sure you patch against as soon as possible. Whilst local access makes this a trivial hack for users to run (with the code freely available on the web), there is now a real risk of attacks against your publicly accessible systems leading to code being run at root level.
Most attacks against web infrastructure only get to run at the privilege level of the interface process; hopefully, if you are following good practice such as OWASP, you'll have your processes running under a least-privilege model. But this particular bug is a game changer if your systems are running affected versions of Linux, because now there is the potential for the elevation code to run with root access.
Don't be David Lightman. You don't want to roll the dice and end up simulating the end of the world... get this one patched pronto.
Ubuntu 14.04: http://www.ubuntu.com/usn/usn-2870-1/
Ubuntu 15.04: http://www.ubuntu.com/usn/usn-2871-1/
Ubuntu 15.10: http://www.ubuntu.com/usn/usn-2872-1/
Amazon Linux (2014.03 – 2015.09): https://alas.aws.amazon.com/ALAS-2016-642.html