SCIENTIFIC-LINUX-DEVEL Archives

October 2016

SCIENTIFIC-LINUX-DEVEL@LISTSERV.FNAL.GOV

Subject:
From: David Crick <[log in to unmask]>
Reply To: David Crick <[log in to unmask]>
Date: Thu, 20 Oct 2016 21:11:00 +0100

Upstream fix if anyone wants to try rolling their own:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619


On Thu, Oct 20, 2016 at 2:13 PM, Steven Haigh <[log in to unmask]> wrote:
> (Reproduced below)
>
> Red Hat Product Security has been made aware of a vulnerability in the
> Linux kernel that has been assigned CVE-2016-5195. This issue was
> publicly disclosed on October 19, 2016 and has been rated as Important.
>
> Background Information
>
> A race condition was found in the way the Linux kernel's memory
> subsystem handled the copy-on-write (COW) breakage of private read-only
> memory mappings. An unprivileged local user could use this flaw to gain
> write access to otherwise read-only memory mappings and thus increase
> their privileges on the system.
>
> This could be abused by an attacker to modify existing setuid files with
> instructions to elevate privileges. An exploit using this technique has
> been found in the wild.
>
> Impacted Products
>
> The following Red Hat Product versions are impacted:
>
> Red Hat Enterprise Linux 5
> Red Hat Enterprise Linux 6
> Red Hat Enterprise Linux 7
> Red Hat Enterprise MRG 2
>
> Attack Description and Impact
>
> This flaw allows an attacker with a local system account to modify
> on-disk binaries, bypassing the standard permission mechanisms that
> would prevent modification without an appropriate permission set. This
> is achieved by racing the madvise(MADV_DONTNEED) system call while
> having the page of the executable mmapped in memory.
>
> Take Action
>
> All Red Hat customers running the affected versions of the kernel are
> strongly recommended to update the kernel as soon as patches are
> available. Details about impacted packages as well as recommended
> mitigation are noted below. A system reboot is required in order for the
> kernel update to be applied.
>
> Mitigation
>
> Please reference bug 1384344 for detailed mitigation steps.
>
> Updates for Affected Products
>
> A kpatch for customers running Red Hat Enterprise Linux 7.2 or greater
> is available. Please open a support case to gain access to the kpatch.
>
> ----------- END ADVICE -----------
>
> Possible mitigation for the issue:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1384344#c13
>
> There are currently no fixed packages available anywhere to resolve this.
>
> --
> Steven Haigh
>
> Email: [log in to unmask]
> Web: https://www.crc.id.au
> Phone: (03) 9001 6090 - 0412 935 897
>
