If you need another reason to be paranoid about network security, a serious exploit that attacks a nine-year-old Linux kernel flaw is now in the wild. The researcher who found it, Phil Oester, told V3 that the attack is "trivial to execute, never fails and has probably been around for years." Because of its complexity, he was only able to detect it because he had been "capturing all inbound HTTP traffic and was able to extract the exploit and test it out in a sandbox," Oester said.
The kernel flaw (CVE-2016-5195) is an 11-year-old bug that Linus Tovalds himself tried to patch once. His work, unfortunately, was undone by another fix several years later, so Oester figures it’s been around since 2007. The problem is a so-called race condition in the Linux kernel’s memory system, that breaks during certain read-only memory operations, according to Red Hat. "An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system."
Torvalds points out that the race condition flaw used to be "purely theoretical," but is now easier to trigger thanks to improved VM tech. Keepers of the Linux kernel have patched the bug (dubbed "Dirty COW," for copy-on-write) and distributors like Red Hat, which classified the bug as "important," are working on updates. "All Linux users need to take this bug very seriously, and patch their systems ASAP," says Oester. He adds that the packet captures that helped him spot the exploit "have proved invaluable numerous times. I would recommend this extra security measure to all admins."
(Thanks, Kristy.)
Via: Ars Technica
Source: V3
from Engadget http://ift.tt/2dBiiXS
via IFTTT
