*

Offline xasop

  • Administrator
  • *****
  • Posts: 9776
  • Professional computer somebody
    • View Profile
Local privilege escalation in Linux kernel
« on: January 20, 2016, 02:20:15 AM »
Linux version 3.8 and newer, which accounts for most modern desktop and server Linux systems, as well as most Android devices, is subject to a local privilege escalation attack.

http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/

I don't have time to write a lot now (I'm posting from my phone at work), but basically this allows any untrusted application to gain full administrative permissions. There are situations which make this bug more difficult to exploit, but as the consequences are dire, you should patch any systems you maintain which are affected.

In case you missed it before: This affects Android, at least most recent devices (from the past couple of years or so). If you have an Android device and you see a software update available, install it now!

Edit: In case anyone was wondering, we're not vulnerable. The server hosting this forum is running a kernel too old to be affected.
« Last Edit: January 20, 2016, 02:26:58 AM by Parsifal »
when you try to mock anyone while also running the flat earth society. Lol

*

Offline Rushy

  • Planar Moderator
  • *****
  • Posts: 8569
    • View Profile
Re: Local privilege escalation in Linux kernel
« Reply #1 on: January 20, 2016, 02:41:18 AM »
running a kernel too old to be affected.

Ah, yes, the Unisys strategy.

Re: Local privilege escalation in Linux kernel
« Reply #2 on: January 20, 2016, 09:31:01 PM »
I'm running kernel version 3.4 on my phone. Thanks for the heads up!
Quote from: Saddam Hussein
I don't know what you're implying, but you're probably wrong.

*

Offline Misero

  • *
  • Posts: 94
  • Evidence, Evidence, Evidence, and more Evidence.
    • View Profile
Re: Local privilege escalation in Linux kernel
« Reply #3 on: January 22, 2016, 01:44:29 AM »
And this is why Apple is so paranoid with iOS. Never works though. '"iOS 9 has no root!" he reads as looks at MTerminal on iOS 9.0.2'
The problem with this is that Android users are aware of the fact that their device is a computer and is therefore vulnerable to attacks. Apple users are led to believe iOS is exploit proof. When was the last time Android could be completely exposed by one website?
</rant>
Nobody should ever follow my standard.  I am the worst moderator ever.
Yes, I'll still keep that in mind on this forum too.

*

Offline markjo

  • *
  • Posts: 7849
  • Zetetic Council runner-up
    • View Profile
Re: Local privilege escalation in Linux kernel
« Reply #4 on: January 22, 2016, 03:30:19 PM »
When was the last time Android could be completely exposed by one website?
</rant>
ummm...  Last November.
http://www.pcmag.com/article2/0,2817,2495136,00.asp
Abandon hope all ye who press enter here.

Science is what happens when preconception meets verification.

Ignorance more frequently begets confidence than does knowledge. -- Charles Darwin

If you can't demonstrate it, then you shouldn't believe it.

*

Offline Misero

  • *
  • Posts: 94
  • Evidence, Evidence, Evidence, and more Evidence.
    • View Profile
Re: Local privilege escalation in Linux kernel
« Reply #5 on: January 23, 2016, 10:56:47 PM »
Ah, sorry. Didn't hear about that.
Nobody should ever follow my standard.  I am the worst moderator ever.
Yes, I'll still keep that in mind on this forum too.