Linux Lite Forums

Need to see this, and I thought we were fine without the need the need for an anti-virus program.
Linux kernel flaw threatens millions of PCs, servers, and Android devices _ PCWorld.html

(01-19-2016, 03:41 PM)tomt link Wrote: [ -> ]Need to see this, and I thought we were fine without the need the need for an anti-virus program.
Linux kernel flaw threatens millions of PCs, servers, and Android devices _ PCWorld.html

Adding a Link for folks:
http://www.pcworld.com/article/3023870/s...vices.html

http://www.networkworld.com/article/3023...s_security

It looks like per the article, affected Kernel is 3.8 and up... Guess its good that LL2.8 beta is at kernel 3.19??..??
But if folks have updated the kernel, they want to be informed..

From the posted articles it appears that someone may have to have physical access to the computer.  It also seems that it takes at least 30 minutes to pull off on a machine with Intel Core i7-5500 CPU, according to the detailed analysis found in the following link.

http://perception-point.io/2016/01/14/an...2016-0728/

According to the PC article as I read it, it starts with kernel 3.8. "The Linux kernel is the core of all Linux-based operating systems, including Android. Its keyring facility provides a way for applications to store sensitive information such as authentication and encryption keys inside the kernel, where other user-space applications cannot access it." I did not see a mention that anything above that kernel would not be affected."According to them, the vulnerability was introduced in kernel version 3.8, released in Feb. 2013".  I could be wrong but that is how I understand it to read. The fact that it is now appearing after all this time still supports my theory for the need to add an anti-virus protection to any distro. They also mentioned in the article that some kernels will be affected for quite some time.

I may be wrong, but it looks to me that you should be OK as long as you only use the software in the regular repositories that come with the system. It is my opinion for the most part that this kind of threat comes into play when you download proprietary or some other unapproved software.  Open source software allows peer review of the code and makes it much harder for an exploit to slip through.

It's been there 3 years, and is there any evidence of this being exploited.??

Kernel numbering folks:

3.6 3.7 3.8 3.9 3.10 3.11 3.12 3.13......

POC for the geeks

https://gist.github.com/PerceptionPointT...0f8531ff8f

http://perception-point.io/2016/01/14/an...2016-0728/

Testing this now on LL 2.8 Beta test box. Will report back with results.

After reading Perception Point it looks like 3.8 and up is vulnerable. If this has not been exploited before, you can bet the chances are good it will be now.

Got a segmentation fault when running it so not going to spend forever analyzing this, was just curious. Vuln requires physical access to your pc. So if you have a friend who's a wizard on the command line, keep him/her away from your pc

To update:


Reboot.

Lite Tweaks, Kernel Removal, remove all other 3.13 kernels.