Going up! Linux flaw lets users elevate to root...

October 23, 2016

A vulnerability in Linux (CVE-2016-0728) was announced last week which enables users to trivially elevate their privilege level to that of root.


The vulnerability impacts many Linux-based systems, including certain versions of Android, and it is likely to affect the embedded software running on many network devices too.


How about a game of Thermonuclear War?


Whatever flavour of Linux you are running, whether it's in the Cloud or locked in your deepest, darkest server room, this is one issue you want to make sure you patch against as soon as possible. Whilst local access makes this a trivial hack for users to run (with the code freely available on the web), there is now a real risk of attacks against your publicly accessible systems leading to code being run at root level.


Most attacks against web infrastructure only get to run at the privilege level of the interface process; hopefully, if you are following good practice such as OWASP, you'll have your processes running under a least-privilege model. But this particular bug is a game changer if your systems are running affected versions of Linux, because now there is the potential for the elevation code to run with root access.


Don't be David Lightman: you don't want to roll the dice and end up simulating the end of the world... get this one patched pronto.


Red Hat/CentOS: https://access.redhat.com/articles/2131021

Ubuntu 14.04: http://www.ubuntu.com/usn/usn-2870-1/

Ubuntu 15.04: http://www.ubuntu.com/usn/usn-2871-1/

Ubuntu 15.10: http://www.ubuntu.com/usn/usn-2872-1/

Amazon Linux (2014.03 – 2015.09): https://alas.aws.amazon.com/ALAS-2016-642.html





