[ SECURITY ] Linux Kernel Privilege Escalation Flaw Vulnerabillity CVE-2016-0728

[justme2]

Got a segmentation fault when running it so not going to spend forever analyzing this, was just curious. Vuln requires physical access to your pc. So if you have a friend who's a wizard on the command line, keep him/her away from your pc

To update:

Code: [Select]

sudo apt-get install linux-image-3.13.0-76-generic linux-headers-3.13.0-76-generic
Reboot.

Lite Tweaks, Kernel Removal, remove all other 3.13 kernels.

Installing Kernel 3.13.0-76 caused panic, my panic not kernel panic :-) as my wifi, wireless mouse, external sound card and DVB-T adapter all stopped working! However, all was not lost as I soon found a simple way to restore the earlier working kernel which brought the hardware back to life. So what I do not understand is will this new found vulnerability ever be removed from older kernels or do users of older hardware have to live with it and not progress to newer versions of Linux Lite with newer kernels?

[Jerry]

Got a segmentation fault when running it so not going to spend forever analyzing this, was just curious. Vuln requires physical access to your pc. So if you have a friend who's a wizard on the command line, keep him/her away from your pc

To update:

Code: [Select]

sudo apt-get install linux-image-3.13.0-76-generic linux-headers-3.13.0-76-generic
Reboot.

Lite Tweaks, Kernel Removal, remove all other 3.13 kernels.

Code: [Select]

linux (3.13.0-76.120) trusty; urgency=low

  [ Upstream Kernel Changes ]

  * KEYS: Fix keyring ref leak in join_session_keyring()
    - LP: #1534887
    - CVE-2016-0728

 -- Luis Henriques <[email protected]>  Mon, 18 Jan 2016 09:54:03 +0000

[tomt]

After reading Perception Point it looks like 3.8 and up is vulnerable. If this has not been exploited before, you can bet the chances are good it will be now.

[Jerry]

POC for the geeks

https://gist.github.com/PerceptionPointTeam/18b1e86d1c0f8531ff8f

http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/

Testing this now on LL 2.8 Beta test box. Will report back with results.

[Jerry]

Kernel numbering folks:

3.6 3.7 3.8 3.9 3.10 3.11 3.12 3.13......

[Wirezfree]

It's been there 3 years, and is there any evidence of this being exploited.??

[avj]

I may be wrong, but it looks to me that you should be OK as long as you only use the software in the regular repositories that come with the system. It is my opinion for the most part that this kind of threat comes into play when you download proprietary or some other unapproved software.  Open source software allows peer review of the code and makes it much harder for an exploit to slip through.

[tomt]

According to the PC article as I read it, it starts with kernel 3.8. "The Linux kernel is the core of all Linux-based operating systems, including Android. Its keyring facility provides a way for applications to store sensitive information such as authentication and encryption keys inside the kernel, where other user-space applications cannot access it." I did not see a mention that anything above that kernel would not be affected."According to them, the vulnerability was introduced in kernel version 3.8, released in Feb. 2013".  I could be wrong but that is how I understand it to read. The fact that it is now appearing after all this time still supports my theory for the need to add an anti-virus protection to any distro. They also mentioned in the article that some kernels will be affected for quite some time.

[avj]

From the posted articles it appears that someone may have to have physical access to the computer.  It also seems that it takes at least 30 minutes to pull off on a machine with Intel Core i7-5500 CPU, according to the detailed analysis found in the following link.

http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/

[firenice03]

Need to see this, and I thought we were fine without the need the need for an anti-virus program.
Linux kernel flaw threatens millions of PCs, servers, and Android devices _ PCWorld.html

Adding a Link for folks:
http://www.pcworld.com/article/3023870/security/linux-kernel-flaw-endangers-millions-of-pcs-servers-and-android-devices.html

http://www.networkworld.com/article/3023866/linux-kernel-flaw-endangers-millions-of-pcs-servers-and-android-devices.html#tk.rss_security

It looks like per the article, affected Kernel is 3.8 and up... Guess its good that LL2.8 beta is at kernel 3.19??..??
But if folks have updated the kernel, they want to be informed..

[tomt]

Need to see this, and I thought we were fine without the need the need for an anti-virus program.
Linux kernel flaw threatens millions of PCs, servers, and Android devices _ PCWorld.html