Tuesday, 24 January 2017

Linux exploit gives any user full access in five seconds



If you need another reason to be paranoid about network security, a serious exploit that attacks a nine-year-old Linux kernel flaw is now in the wild. The researcher who found it, Phil Oester, told V3 that the attack is "trivial to execute, never fails and has probably been around for years." Because of its complexity, he was only able to detect it because he had been "capturing all inbound HTTP traffic and was able to extract the exploit and test it out in a sandbox," Oester said.

The kernel flaw (CVE-2016-5195) is an 11-year-old bug that Linus Tovalds himself tried to patch once. His work, unfortunately, was undone by another fix several years later, so Oester figures it's been around since 2007. The problem is that the Linux kernel's memory system can break during certain memory operations, according to Red Hat. "An unprivileged local user could use this flaw to gain write access ... and thus increase their privileges on the system."
In other words, it can be used to get root server access, which is a terrible thing for the internet. Though it's primarily an attack for users that already have an account on a server, it could potentially be exploited on a Linux machine that lets you execute a file -- something that's common for online servers.

Read more: Click Here

4 comments:

  1. Unable to read on mobile device. Junk site.

    ReplyDelete
  2. You pretty much stole content and spammed g+ with it.

    ReplyDelete
  3. no, he didn't. he is just reposting shit with his spin on it.

    sadly though, it looks like plagiarism to linux #nazis.

    ReplyDelete