Fwd: Linux Kernel Vulnerability

RICHARD BARTH w3hwn at comcast.net
Fri Oct 21 16:57:35 CDT 2016 

According to one review I read, it was discovered some years ago and a fix prepared.

It was dropped, though, because the fix caused problems with one of the IBM machines

the software was commonly run on, and the bug wasn't considered to be a big one at 

the time.


Dick

> On October 21, 2016 at 5:46 PM Jason Wright <jason at thought.net> wrote:
> 
> 
>     A friend and I spent some time looking at a proof of concept exploit of this vulnerability this afternoon. Nasty... Essentially it provides a pivot from unprivileged user to root by allowing the corruption of a cached page that is supposed to be read only (copy on write). It's pretty clever and because it doesn't corrupt the file on disk, not easily traceable.
> 
>     --Jason Wright
> 
> 
>     On Oct 21, 2016 2:20 PM, "RICHARD BARTH" <w3hwn at comcast.net mailto:w3hwn at comcast.net > wrote:
> 
>         > > 
> > 
> >             > -------- Original Message ----------
>             From: US-CERT <US-CERT at ncas.us-cert.gov mailto:US-CERT at ncas.us-cert.gov >
>             To: w3hwn at arrl.net mailto:w3hwn at arrl.net
>             Date: October 21, 2016 at 2:20 PM
>             Subject: Linux Kernel Vulnerability
> 
> 
>             [U.S. Department of Homeland Security US-CERT]
> 
>             National Cyber Awareness System:
> 
>              
> 
>             Linux Kernel Vulnerability https://www.us-cert.gov/ncas/current-activity/2016/10/21/Linux-Kernel-Vulnerability
>             10/21/2016 12:50 PM EDT
> 
>             Original release date: October 21, 2016
> 
>             US-CERT is aware of a Linux kernel vulnerability known as Dirty COW (CVE-2016-5195). Exploitation of this vulnerability may allow an attacker to take control of an affected system.
> 
>             US-CERT recommends that users and administrators review the Red Hat CVE Database https://access.redhat.com/security/cve/cve-2016-5195 , the Canoical Ubuntu CVE Tracker http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5195.html , and CERT Vulnerability Note VU#243144 https://www.kb.cert.org/vuls/id/243144 for additional details, and refer to their Linux or Unix-based OS vendors for appropriate patches.
> 
> 
>             ---------------------------------------------
> 
>             This product is provided subject to this Notification http://www.us-cert.gov/privacy/notification and this Privacy & Use http://www.us-cert.gov/privacy/ policy.
> 
> 
> 
>             ---------------------------------------------
>             A copy of this publication is available at www.us-cert.gov https://www.us-cert.gov . If you need help or have questions, please send an email to info at us-cert.gov mailto:info at us-cert.gov . Do not reply to this message since this email was sent from a notification-only address that is not monitored. To ensure you receive future US-CERT products, please add US-CERT at ncas.us-cert.gov mailto:US-CERT at ncas.us-cert.gov to your address book.
>             OTHER RESOURCES:
>             Contact Us http://www.us-cert.gov/contact-us/ | Security Publications http://www.us-cert.gov/security-publications | Alerts and Tips http://www.us-cert.gov/ncas | Related Resources http://www.us-cert.gov/related-resources
>             STAY CONNECTED:
>             [Sign up for email updates] http://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/new
> 
>             SUBSCRIBER SERVICES:
>             Manage Preferences http://public.govdelivery.com/accounts/USDHSUSCERT/subscribers/new?preferences=true   |  Unsubscribe https://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/one_click_unsubscribe?verification=5.b03cc84c90ac58ffb6e970add416fb2d&destination=w3hwn%40arrl.net   |  Help https://subscriberhelp.govdelivery.com/
> 
> 
>             ---------------------------------------------
>             This email was sent to w3hwn at arrl.net mailto:w3hwn at arrl.net using GovDelivery, on behalf of: United States Computer Emergency Readiness Team (US-CERT) · 245 Murray Lane SW Bldg 410 · Washington, DC 20598 · (888) 282-0870 	[Powered by GovDelivery] http://www.govdelivery.com/portals/powered-by
> 
>         
_______________________________________________
Tacos mailing list
Tacos at amrad.org mailto:Tacos at amrad.org
https://lists.amrad.org/mailman/listinfo/tacos https://lists.amrad.org/mailman/listinfo/tacos


_______________________________________________
Tacos mailing list
Tacos at amrad.org
https://lists.amrad.org/mailman/listinfo/tacos

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.amrad.org/pipermail/tacos/attachments/20161021/470c819a/attachment-0001.html>

More information about the Tacos mailing list