Critical flaw in Linux kernel provides root access

Jan

20

2016

Through a vulnerability in the keyring subsystem of the Linux kernel, it is possible to execute code in the kernel. Reported that the security Perception Point. The leak would since Linux Kernel: 3.8 are present, either since 2012. There is now a patch available.

Bug CVE-2016-0728 means that local root privilege can be obtained, which means that the attacker must already have limited rights. Because the vulnerability since 2012 is in the system, that means 66 percent of the Android phones are vulnerable because those running kernel 3.8 or higher. It writes Perception Point on his site. There are also another tens of millions of Linux PCs and servers at. For now, the exploit is in the wild, but it is the discoverers of the leak already managed to create a proof-of-concept.

The vulnerability is caused by a reference leak in the keyring feature, which lets drivers data security, authentication keys, encryption keys, and other data can cache or retained in the kernel. The vulnerability allows an attacker to execute code in the kernel and then to obtain root privileges.

All in all, it takes a relatively long time to use the exploit. It takes about 30 minutes on an Intel Core i7-5500, the team writes, though time is not relevant in such an exploit. The Red Hat Security Team has helped to squash the bug. The researchers conclude by saying that SMEP and SMAP make it difficult to exploit the bug, like SELinux on Android. According to Threat Post may for Android phones take longer for patches become available because manufacturers have to make it yourself.

Viewing:-166

In: Technology & Gadgets Asked By: [15785 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »