
CVE-2016-8655 – A new 5-Year-Old flaw found in the Linux Kernel


A security expert discovered a serious five-year-old privilege-escalation vulnerability, tracked as CVE-2016-8655, that affects every Linux distro.

In October, the security expert Phil Oester discovered a flaw in the Linux kernel, dubbed ‘Dirty COW’, that could be exploited by a local attacker to escalate privileges.

The name “Dirty COW” is due to the fact that it’s triggered by a race condition in the way the Linux kernel’s memory subsystem handles copy-on-write (COW) breakage of private read-only memory mappings.

Now another serious privilege-escalation vulnerability, tracked as CVE-2016-8655, has been discovered; it has been present for five years and affects every Linux distro, including Ubuntu, Red Hat, and Debian.

“A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets implementation in the Linux kernel networking subsystem handled synchronization while creating the TPACKET_V3 ring buffer,” reads the security advisory issued by Red Hat.

A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) could use this flaw to elevate their privileges on the system.

The flaw, which dates back to 2011, was disclosed today by the security researcher Philip Pettersson.

CVE-2016-8655

The vulnerability could be exploited by an unprivileged local user to gain root privileges by exploiting a race condition in the af_packet implementation in the Linux kernel.

“This is an announcement about CVE-2016-8655 which is a race-condition I found in Linux (net/packet/af_packet.c). It can be exploited to gain kernel code execution from unprivileged processes,” wrote Pettersson. “The bug was introduced on Aug 19, 2011: https://github.com/torvalds/linux/commit/f6fb8f100b807378fda19e83e5ac6828b638603a”

The security expert created an exploit to gain a root shell on an Ubuntu 16.04 LTS system (Linux Kernel 4.4) and also defeated SMEP/SMAP (Supervisor Mode Execution Prevention/Supervisor Mode Access Prevention) protection to gain kernel code execution abilities.

An attacker can use Pettersson’s exploit to run arbitrary malicious code with administrative privileges on the targeted PC or cause a denial of service.


“On Android, processes with gid=3004/AID_NET_RAW are able to create AF_PACKET sockets (mediaserver) and can trigger the bug,” added Pettersson.
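Since the vulnerable path is only reachable by a process that can open a raw packet socket, a defender's first question is who on a host holds CAP_NET_RAW. The following audit helper is an added example, not code from the article or from Pettersson: it decodes the CapEff mask from /proc/<pid>/status to list processes holding CAP_NET_RAW, and reads the sysctls that decide whether an unprivileged user could obtain that capability inside a child user namespace (the status text is a constructed sample; the sysctl paths assume a Debian/Ubuntu or mainline Linux host).

```python
# Added audit helper (not from the article): who can reach the AF_PACKET path?
import os

CAP_NET_RAW = 13  # capability bit number from <linux/capability.h>
# Constructed sample of the relevant lines of /proc/<pid>/status
SAMPLE_STATUS = "Name:\ttcpdump\nPid:\t4242\nUid:\t0\t0\t0\t0\nCapEff:\t0000000000002000\n"

def parse_status(text):
    """Turn the 'Key:<tab>value' lines of /proc/<pid>/status into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def has_cap_net_raw(cap_hex):
    """True if CAP_NET_RAW (bit 13) is set in a CapEff/CapBnd hex mask."""
    return bool((int(cap_hex, 16) >> CAP_NET_RAW) & 1)

def process_can_open_af_packet(status_text):
    """Opening an AF_PACKET socket needs CAP_NET_RAW in the effective set."""
    return has_cap_net_raw(parse_status(status_text).get("CapEff", "0"))

def unprivileged_userns_enabled(proc="/proc"):
    """A normal user holds CAP_NET_RAW inside a child user namespace, so read the
    Debian/Ubuntu knob, then the mainline limit (assumption: one of them exists
    on the audited host); None means neither was readable."""
    for path, check in ((f"{proc}/sys/kernel/unprivileged_userns_clone", lambda v: v == "1"),
                        (f"{proc}/sys/user/max_user_namespaces", lambda v: int(v) > 0)):
        try:
            with open(path) as fh:
                return check(fh.read().strip())
        except OSError:
            continue
    return None

def processes_with_cap_net_raw(proc="/proc"):
    """Return (pid, name, uid) for every live process whose CapEff has bit 13."""
    hits = []
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            with open(f"{proc}/{pid}/status") as fh:
                fields = parse_status(fh.read())
        except OSError:
            continue  # process exited or status not readable
        if has_cap_net_raw(fields.get("CapEff", "0")):
            hits.append((int(pid), fields.get("Name", "?"), fields.get("Uid", "?").split()[0]))
    return hits
```

Run it as root to see the full process list; unreadable status files are skipped rather than counted.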

Below is the timeline for the CVE-2016-8655 bug, which was fixed in the mainline kernel last week:

  • 2016-11-28: Bug reported to security () kernel org
  • 2016-11-30: Patch submitted to netdev, notification sent to linux-distros
  • 2016-12-02: Patch committed to mainline kernel
  • 2016-12-06: Public announcement

Don’t waste time, update your Linux distro as soon as possible.


Pierluigi Paganini

(Security Affairs – CVE-2016-8655, Linux)