PINDROP BLOG

Ancient Privilege Escalation Bug Haunts Linux

Researchers are warning about a serious vulnerability in the Linux kernel that affects essentially every version of the operating system currently in use.

The vulnerability is a local privilege-escalation flaw, a class that normally does not cause much concern because an attacker needs local access to a vulnerable device in order to exploit it. But an exploit for this vulnerability is circulating right now, and, adding to the problem, the bug has been present in the Linux kernel for nearly a decade.

The CVE-2016-5195 vulnerability was disclosed on Wednesday, and the maintainers of the Linux kernel have issued a patch for it. Red Hat, one of the major Linux distributions, is warning customers to upgrade the kernel as soon as possible.


“A race condition was found in the way the Linux kernel’s memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. This could be abused by an attacker to modify existing setuid files with instructions to elevate privileges. An exploit using this technique has been found in the wild,” the Red Hat advisory says.

“This flaw allows an attacker with a local system account to modify on-disk binaries, bypassing the standard permission mechanisms that would prevent modification without an appropriate permission set. This is achieved by racing the madvise(MADV_DONTNEED) system call while having the page of the executable mmapped in memory.”

Researchers say that the vulnerability can be exploited quite reliably, which, combined with the availability of a public exploit, makes the bug highly dangerous.
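The advisory quoted above warns that the race lets a local user rewrite on-disk setuid binaries. After patching, the first question a defender wants answered is whether any setuid file on the host has already been altered. The script below is an added example (it is not Pindrop's code, nor part of the Red Hat advisory or the kernel patch): it inventories every setuid/setgid regular file under a directory, records owner, mode and SHA-256, and reports anything added, removed or modified against a saved baseline. The `baseline`/`check` command-line interface and the JSON baseline file are assumptions of this example, not something the article describes.

```python
"""Integrity check for setuid/setgid executables.

Added example, not code from Pindrop or from the Red Hat advisory. Takes a
baseline of every setuid/setgid regular file under a root directory (owner,
mode, SHA-256) and later reports files that were added, removed or modified.
The ROOT and BASELINE.json arguments are assumptions of this example.
"""
import hashlib
import json
import os
import stat
import sys


def sha256_of(path):
    """Hash a file in 64 KiB chunks so large binaries are not read into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def inventory_setuid(root):
    """Return {path: {uid, gid, mode, sha256}} for each regular file under root
    whose mode has the setuid or setgid bit set. Symlinks are not followed."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # vanished or unreadable: skip rather than abort the scan
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks, devices and sockets are not setuid targets
            if not st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                continue
            try:
                digest = sha256_of(path)
            except OSError:
                digest = None  # e.g. a setuid binary readable only by root
            results[path] = {
                "uid": st.st_uid,
                "gid": st.st_gid,
                "mode": stat.S_IMODE(st.st_mode),
                "sha256": digest,
            }
    return results


def compare(baseline, current):
    """Diff two inventories. A change in content, owner or mode all count as
    'modified': a binary rewritten in place keeps its path, owner and mode,
    so the hash is the only field that gives the tampering away."""
    base_paths, cur_paths = set(baseline), set(current)
    return {
        "added": sorted(cur_paths - base_paths),
        "removed": sorted(base_paths - cur_paths),
        "modified": sorted(p for p in base_paths & cur_paths
                           if baseline[p] != current[p]),
    }


def main(argv):
    if len(argv) != 4 or argv[1] not in ("baseline", "check"):
        print("usage: setuid_check.py baseline|check ROOT BASELINE.json")
        return 2
    mode, root, baseline_path = argv[1:]
    if mode == "baseline":
        with open(baseline_path, "w") as f:
            json.dump(inventory_setuid(root), f, indent=1, sort_keys=True)
        return 0
    with open(baseline_path) as f:
        baseline = json.load(f)
    diff = compare(baseline, inventory_setuid(root))
    for kind in ("added", "removed", "modified"):
        for p in diff[kind]:
            print(f"{kind}: {p}")
    return 1 if any(diff.values()) else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Take the baseline from a known-good image or immediately after installing the patched kernel, and store it somewhere the host cannot write to; a baseline that lives on the same disk can be rewritten along with the binary it is meant to protect. The check exits non-zero when anything differs, so it can run from cron or a configuration-management hook and feed an alert.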

Image from Flickr stream of Matt McGee