

Critical Linux Kernel Flaw Being Exploited in the Wild



#1 OFFLINE   Corrine

Corrine

    The Mystical Rose

  • Forum Admins
  • 3,963 posts

Posted 21 October 2016 - 04:24 PM

Quote

A nine-year-old critical vulnerability has been discovered in virtually all versions of the Linux operating system and is actively being exploited in the wild.

Dubbed "Dirty COW," the Linux kernel security flaw (CVE-2016-5195) is a mere privilege-escalation vulnerability, but researchers are taking it extremely seriously due to many reasons.

First, it's very easy to develop exploits that work reliably. Secondly, the Dirty COW flaw exists in a section of the Linux kernel, which is a part of virtually every distro of the open-source operating system, including RedHat, Debian, and Ubuntu, released for almost a decade.

And most importantly, the researchers have discovered attack code that indicates the Dirty COW vulnerability is being actively exploited in the wild.

Dirty COW potentially allows any installed malicious app to gain administrative (root-level) access to a device and completely hijack it.

More at Dirty COW Critical Linux Kernel Flaw Being Exploited in the Wild

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

#2 OFFLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 22,243 posts

Posted 21 October 2016 - 04:33 PM

Yeah, but luckily it was fixed the day it was announced. Most distros should have updated it already, as the patch was released yesterday. https://www.kernel.org/
CNI Radio/G+ Profile/Configs/PGP Key/comhack π

"Do you begin to see, then, what kind of world we are creating? It is the exact opposite of the stupid hedonistic Utopias that the old reformers imagined. A world of fear and treachery and torment, a world of trampling and being trampled upon, a world which will grow not less but more merciless as it refines itself. Progress in our world will be progress toward more pain." -George Orwell, 1984

#3 OFFLINE   Corrine

Corrine

    The Mystical Rose

  • Forum Admins
  • 3,963 posts

Posted 21 October 2016 - 08:07 PM

Thanks.  I need to pass that along to a friend.

Here's the US-CERT Info: https://www.us-cert....l-Vulnerability

#4 OFFLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 22,243 posts

Posted 21 October 2016 - 08:23 PM

:thumbsup:

#5 OFFLINE   Robert

Robert

    Message Mogul

  • Members
  • 304 posts

Posted 22 October 2016 - 03:29 PM

Does this require physical access to the computer?

#6 OFFLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 22,243 posts

Posted 22 October 2016 - 03:54 PM

View PostRobert, on 22 October 2016 - 03:29 PM, said:

Does this require physical access to the computer?

Yes, a local user.

https://www.kb.cert.org/vuls/id/243144

#7 OFFLINE   Cluttermagnet

Cluttermagnet

    Nocturnal Radio Geek

  • Forum MVP
  • 3,803 posts

Posted 23 October 2016 - 03:51 AM

What a relief! (the local user part). I think we are safe in all our machines, then.
I doubt anyone would find us important enough to sneak into our houses.

I must have somewhere between 12-20 machines with Linux Mint on them.
Probably use 8-10 of those at least monthly, most of them daily.

BTW Hi, All. Been far too long...
Special Limited Edition Cluttermaster 2007 with direct air cooling system.
"ClutterLabs" --open hardware for open software" .......... Registered Linux User 446867


("It takes an entire village to raise a child...")
"It takes only one bulldozer to raze an entire village..."
"Hey, Mel- isn't that your kid driving that bulldozer?"

In loving memory of Bruno Knaapen of Amsterdam, who shared
his love of Linux, and thereby made the world a better place...

#8 OFFLINE   Dr. J

Dr. J

    Post Master

  • Members
  • 201 posts

Posted 23 October 2016 - 12:23 PM

According to the Manjaro forums, all supported kernels have already been patched in the Testing branch on that distro, with patches to enter the Stable branch soon.
/usr/bin/drinking
~/hungover

#9 OFFLINE   V.T. Eric Layton

V.T. Eric Layton

    Nocturnal Slacker

  • Forum MVP
  • 20,587 posts

Posted 23 October 2016 - 03:29 PM

All systems are vulnerable when the physical device is exposed to unwanted fingers. I can break into and steal data from any of your Windows or Linux systems with nothing more than a portable USB linux OS and a bit of space on it to save your data once I access it and steal it. Porteus mounts all partitions on a system as root by default when started from a USB. Your only protection would be if your files were encrypted. Even then, I could still get in and lock them down with my own encryption and then ransom them. Or I could just delete them.

I understand this flaw in the kernel we're talking about here is something that should never have been allowed and overlooked for so long, but I don't think it's anything near as dangerous as most of the FUD going around portends.

Happy computing! Oh, and watch out for those Internet of Things. They're going to come around and bite you in the ascii someday; just ask Dyn about that. ;)

#10 OFFLINE   crp

crp

    Board Bigwig

  • Members
  • 2,967 posts

Posted 23 October 2016 - 06:09 PM

View PostV.T. Eric Layton, on 23 October 2016 - 03:29 PM, said:

All systems are vulnerable when the physical device is exposed to unwanted fingers. I can break into and steal data from any of your Windows or Linux systems with nothing more than a portable USB linux OS and a bit of space on it to save your data once I access it and steal it. Porteus mounts all partitions on a system as root by default when started from a USB. Your only protection would be if your files were encrypted. Even then, I could still get in and lock them down with my own encryption and then ransom them. Or I could just delete them.

I understand this flaw in the kernel we're talking about here is something that should never have been allowed and overlooked for so long, but I don't think it's anything near as dangerous as most of the FUD going around portends.

Happy computing! Oh, and watch out for those Internet of Things. They're going to come around and bite you in the ascii someday; just ask Dyn about that. ;)
Heartily agree and second. I don't consider any security issue that involves physical access as critical. If people who should not already have access to the physical machine that is the critical flaw, anything after that is "closing the barn doors after ..."
However, if the flaw only requires a remote login, then yeah, FUD it all out.
Of all tyrannies, a tyranny sincerely exercised for the good of its victims may be the most oppressive. It would be better to live under robber barons than under omnipotent moral busybodies. The robber baron's cruelty may sometimes sleep, his cupidity may at some point be satiated; but those who torment us for our own good will torment us without end for they do so with the approval of their own conscience. ~C. S. Lewis

#11 OFFLINE   ebrke

ebrke

    Board Bigwig

  • Forum MVP
  • 2,590 posts

Posted 23 October 2016 - 06:15 PM

View PostV.T. Eric Layton, on 23 October 2016 - 03:29 PM, said:

Happy computing! Oh, and watch out for those Internet of Things. They're going to come around and bite you in the ascii someday; just ask Dyn about that. ;)
I'm pretty sure that day has already come for Amazon, Netflix, etc.
Registered Linux User 344759

#12 OFFLINE   V.T. Eric Layton

V.T. Eric Layton

    Nocturnal Slacker

  • Forum MVP
  • 20,587 posts

Posted 24 October 2016 - 01:24 PM

http://tinyurl.com/zkjght4 (Computer World article)

From the article linked above:

"Since this is a local privilege escalation flaw that cannot be directly exploited by remote attackers, it is only rated as high severity and not critical. To take advantage of it attackers need to first obtain limited access to a server in some other way, such as through another vulnerability."



