<!DOCTYPE html>
<html><head>
<meta charset="UTF-8">
</head><body><p><span style="color: rgb(51, 51, 51); font-family: helvetica, arial, sans-serif; font-size: 12pt; background-color: transparent;">According to one review I read, it was discovered some years ago and a fix prepared.</span><br></p><p><span style="color: rgb(51, 51, 51); font-family: helvetica, arial, sans-serif; font-size: 12pt; background-color: transparent;">It was dropped, though, because the fix caused problems with one of the IBM machines</span></p><p><span style="color: rgb(51, 51, 51); font-family: helvetica, arial, sans-serif; font-size: 12pt; background-color: transparent;">the software was commonly run on, and the bug wasn't considered to be a big one at </span></p><p><span style="color: rgb(51, 51, 51); font-family: helvetica, arial, sans-serif; font-size: 12pt; background-color: transparent;">the time.</span></p><p><span style="color: rgb(51, 51, 51); font-family: helvetica, arial, sans-serif; font-size: 12pt; background-color: transparent;"><br></span></p><p><span style="color: rgb(51, 51, 51); font-family: helvetica, arial, sans-serif; font-size: 12pt; background-color: transparent;">Dick</span></p><blockquote type="cite">On October 21, 2016 at 5:46 PM Jason Wright <jason@thought.net> wrote:<br><br><p>A friend and I spent some time looking at a proof of concept exploit of this vulnerability this afternoon. Nasty... Essentially it provides a pivot from unprivileged user to root by allowing the corruption of a cached page that is supposed to be read only (copy on write). It's pretty clever and because it doesn't corrupt the file on disk, not easily traceable.</p><p>--Jason Wright</p><div class="ox-522fb6bcfb-gmail_extra"><br><div class="ox-522fb6bcfb-gmail_quote">On Oct 21, 2016 2:20 PM, "RICHARD BARTH" <<a href="mailto:w3hwn@comcast.net">w3hwn@comcast.net</a>> wrote:<br><blockquote><u></u><div><p><br></p><blockquote type="cite">---------- Original Message ----------<br>From: US-CERT <<a href="mailto:US-CERT@ncas.us-cert.gov" target="_blank">US-CERT@ncas.us-cert.gov</a>><br>To: <a href="mailto:w3hwn@arrl.net" target="_blank">w3hwn@arrl.net</a><br>Date: October 21, 2016 at 2:20 PM<br>Subject: Linux Kernel Vulnerability<br><br><table width="700" border="0" cellspacing="0" cellpadding="0" align="center" style="border-collapse: collapse;" class="ox-522fb6bcfb-m_2238678406295053627mce-item-table mce-item-table"><tbody><tr><td style="padding: 0px;"><p><img src="http://content.govdelivery.com/attachments/fancy_images/USDHSUSCERT/2015/11/675988/us-cert-banner-700x100-2_original.png" alt="U.S. Department of Homeland Security US-CERT" width="700" height="100" style="width: 700px; height: 100px;"></p><p>National Cyber Awareness System:</p><p> </p><div class="ox-522fb6bcfb-m_2238678406295053627ox-b484f92f20-rss_item" style="margin-bottom: 2em;"><div class="ox-522fb6bcfb-m_2238678406295053627ox-b484f92f20-rss_title" style="font-weight: bold; font-size: 120%; margin: 0 0 0.3em; padding: 0;"><a href="https://www.us-cert.gov/ncas/current-activity/2016/10/21/Linux-Kernel-Vulnerability" target="_blank">Linux Kernel Vulnerability</a></div><div class="ox-522fb6bcfb-m_2238678406295053627ox-b484f92f20-rss_pub_date" style="font-size: 90%; font-style: italic; color: #666666; margin: 0 0 0.3em; padding: 0;">10/21/2016 12:50 PM EDT</div><br><div class="ox-522fb6bcfb-m_2238678406295053627ox-b484f92f20-rss_description" style="margin: 0 0 0.3em; padding: 0;">Original release date: October 21, 2016<br><p>US-CERT is aware of a Linux kernel vulnerability known as Dirty COW (CVE-2016-5195). Exploitation of this vulnerability may allow an attacker to take control of an affected system.</p><p>US-CERT recommends that users and administrators review the <a href="https://access.redhat.com/security/cve/cve-2016-5195" target="_blank">Red Hat CVE Database</a>, the <a href="http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5195.html" target="_blank">Canoical Ubuntu CVE Tracker</a>, and <a href="https://www.kb.cert.org/vuls/id/243144" target="_blank">CERT Vulnerability Note VU#243144</a> for additional details, and refer to their Linux or Unix-based OS vendors for appropriate patches.</p><hr><p>This product is provided subject to this <a href="http://www.us-cert.gov/privacy/notification" target="_blank">Notification</a> and this <a href="http://www.us-cert.gov/privacy/" target="_blank">Privacy & Use</a> policy.</p></div></div><hr><table style="border-collapse: collapse; width: 100%;" border="0" cellspacing="0" cellpadding="0" class="ox-522fb6bcfb-m_2238678406295053627mce-item-table mce-item-table"><tbody><tr><td style="padding: 0px; color: #757575; font-size: 10px; font-family: Arial;" width="89%" height="60">A copy of this publication is available at <a href="https://www.us-cert.gov" target="_blank">www.us-cert.gov</a>. If you need help or have questions, please send an email to <a href="mailto:info@us-cert.gov" target="_blank">info@us-cert.gov</a>. Do not reply to this message since this email was sent from a notification-only address that is not monitored. To ensure you receive future US-CERT products, please add <a href="mailto:US-CERT@ncas.us-cert.gov" target="_blank">US-CERT@ncas.us-cert.gov</a> to your address book.</td></tr></tbody></table><table style="border-collapse: collapse; width: 400px;" border="0" cellspacing="0" cellpadding="0" class="ox-522fb6bcfb-m_2238678406295053627mce-item-table mce-item-table"><tbody><tr><td style="padding: 0px; color: #666666; font-family: Arial,sans-serif; font-size: 12px;" valign="bottom" height="24">OTHER RESOURCES:</td></tr><tr><td style="padding: 0px; color: #666666; font-family: Arial,sans-serif; font-size: 12px;" valign="middle" height="24"><a href="http://www.us-cert.gov/contact-us/" target="_blank">Contact Us</a> | <a href="http://www.us-cert.gov/security-publications" target="_blank">Security Publications</a> | <a href="http://www.us-cert.gov/ncas" target="_blank">Alerts and Tips</a> | <a href="http://www.us-cert.gov/related-resources" target="_blank">Related Resources</a></td></tr></tbody></table><table style="border-collapse: collapse; width: 150px;" border="0" cellspacing="0" cellpadding="0" class="ox-522fb6bcfb-m_2238678406295053627mce-item-table mce-item-table"><tbody><tr><td style="padding: 0px; color: #666666; font-family: Arial,sans-serif; font-size: 12px;" colspan="7" valign="bottom" height="24">STAY CONNECTED:</td></tr><tr><td width="41" style="padding: 0px;"><a href="http://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/new" target="_blank"><img src="https://service.govdelivery.com/banners/GOVDELIVERY/SOCIAL_MEDIA/envelope.gif" border="0" alt="Sign up for email updates" width="25" height="25" style="width: 25px; height: 25px;"></a></td></tr></tbody></table><p style="color: #666666; font-family: Arial,sans-serif; font-size: 12px;">SUBSCRIBER SERVICES:<br><a href="http://public.govdelivery.com/accounts/USDHSUSCERT/subscribers/new?preferences=true" target="_blank">Manage Preferences</a> | <a href="https://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/one_click_unsubscribe?verification=5.b03cc84c90ac58ffb6e970add416fb2d&destination=w3hwn%40arrl.net" target="_blank">Unsubscribe</a> |<wbr/> <a href="https://subscriberhelp.govdelivery.com/" target="_blank">Help</a></p><hr><table style="border-collapse: collapse; width: 100%;" border="0" cellspacing="0" cellpadding="0" class="ox-522fb6bcfb-m_2238678406295053627mce-item-table mce-item-table"><tbody><tr><td style="padding: 0px; color: #757575; font-size: 10px; font-family: Arial;" width="89%">This email was sent to <a href="mailto:w3hwn@arrl.net" target="_blank">w3hwn@arrl.net</a> using GovDelivery, on behalf of: United States Computer Emergency Readiness Team (US-CERT) · 245 Murray Lane SW Bldg 410 · Washington, DC 20598 · <a target="_blank">(888) 282-0870</a></td><td align="right" width="11%" style="padding: 0px;"><a href="http://www.govdelivery.com/portals/powered-by" target="_blank"><img src="https://service.govdelivery.com/banners/GOVDELIVERY/logo_gd_poweredby.gif" border="0" alt="Powered by GovDelivery" width="115" height="35" style="width: 115px; height: 35px;"></a></td></tr></tbody></table></td></tr></tbody></table></blockquote></div><br>______________________________<wbr/>_________________<br> Tacos mailing list<br> <a href="mailto:Tacos@amrad.org">Tacos@amrad.org</a><br> <a href="https://lists.amrad.org/mailman/listinfo/tacos" target="_blank">https://lists.amrad.org/<wbr/>mailman/listinfo/tacos</a><br> <br></blockquote></div></div>_______________________________________________<br>Tacos mailing list<br>Tacos@amrad.org<br>https://lists.amrad.org/mailman/listinfo/tacos<br></blockquote></body></html>