Over a calendar month back, a nine-year-old privilege-escalation vulnerability, dubbed "Dirty COW," was discovered inward the Linux center that affected every distro of the open-source operating system, including Red Hat, Debian, in addition to Ubuntu.
Now, roughly other Linux center vulnerability (CVE-2016-8655) that dates dorsum to 2011 disclosed today could let an unprivileged local user to hit origin privileges past times exploiting a race status inward the af_packet implementation inward the Linux kernel.
Philip Pettersson, the researcher who discovered the flaw, was able to exercise an exploit to hit a origin shell on an Ubuntu 16.04 LTS organization (Linux Kernel 4.4) in addition to too defeated SMEP/SMAP (Supervisor Mode Execution Prevention/Supervisor Mode Access Prevention) protection to hit center code execution abilities.
In other words, a local unprivileged assaulter tin purpose this exploit to drive a denial of service (crashing server) or run arbitrary malicious code amongst administrative privileges on the targeted system.
"A race status number leading to a use-after-free flaw was constitute inward the agency the raw parcel sockets implementation inward the Linux center networking subsystem handled synchronization spell creating the TPACKET_V3 telephone buffer," Red Hat security advisory explains.
"A local user able to opened upwards a raw parcel socket (requires the CAP_NET_RAW capability) could purpose this flaw to rear their privileges on the system."This threat creates a potential danger for service providers to accept their servers crashed or hacked through this Linux center vulnerability.
"On Android, processes amongst gid=3004/AID_NET_RAW are able to exercise AF_PACKET sockets (mediaserver) in addition to tin trigger the bug," Pettersson explains.
The vulnerability was patched inward the mainline center terminal week, in addition to thus users are advised to update their Linux distro every bit presently every bit possible.
