Fwd: Linux Kernel Vulnerability

Jason Wright jason at thought.net
Fri Oct 21 16:46:38 CDT 2016


A friend and I spent some time looking at a proof of concept exploit of
this vulnerability this afternoon. Nasty... Essentially it provides a pivot
from unprivileged user to root by allowing the corruption of a cached page
that is supposed to be read only (copy on write). It's pretty clever and
because it doesn't corrupt the file on disk, not easily traceable.

--Jason Wright

On Oct 21, 2016 2:20 PM, "RICHARD BARTH" <w3hwn at comcast.net> wrote:

>
> ---------- Original Message ----------
> From: US-CERT <US-CERT at ncas.us-cert.gov>
> To: w3hwn at arrl.net
> Date: October 21, 2016 at 2:20 PM
> Subject: Linux Kernel Vulnerability
>
> [image: U.S. Department of Homeland Security US-CERT]
>
> National Cyber Awareness System:
>
>
> Linux Kernel Vulnerability
> <https://www.us-cert.gov/ncas/current-activity/2016/10/21/Linux-Kernel-Vulnerability>
> 10/21/2016 12:50 PM EDT
>
> Original release date: October 21, 2016
>
> US-CERT is aware of a Linux kernel vulnerability known as Dirty COW
> (CVE-2016-5195). Exploitation of this vulnerability may allow an attacker
> to take control of an affected system.
>
> US-CERT recommends that users and administrators review the Red Hat CVE
> Database <https://access.redhat.com/security/cve/cve-2016-5195>, the Canoical
> Ubuntu CVE Tracker
> <http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5195.html>,
> and CERT Vulnerability Note VU#243144
> <https://www.kb.cert.org/vuls/id/243144> for additional details, and
> refer to their Linux or Unix-based OS vendors for appropriate patches.
> ------------------------------
>
> This product is provided subject to this Notification
> <http://www.us-cert.gov/privacy/notification> and this Privacy & Use
> <http://www.us-cert.gov/privacy/> policy.
> ------------------------------
> A copy of this publication is available at www.us-cert.gov. If you need
> help or have questions, please send an email to info at us-cert.gov. Do not
> reply to this message since this email was sent from a notification-only
> address that is not monitored. To ensure you receive future US-CERT
> products, please add US-CERT at ncas.us-cert.gov to your address book.
> OTHER RESOURCES:
> Contact Us <http://www.us-cert.gov/contact-us/> | Security Publications
> <http://www.us-cert.gov/security-publications> | Alerts and Tips
> <http://www.us-cert.gov/ncas> | Related Resources
> <http://www.us-cert.gov/related-resources>
> STAY CONNECTED:
> [image: Sign up for email updates]
> <http://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/new>
>
> SUBSCRIBER SERVICES:
> Manage Preferences
> <http://public.govdelivery.com/accounts/USDHSUSCERT/subscribers/new?preferences=true>
>   |  Unsubscribe
> <https://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/one_click_unsubscribe?verification=5.b03cc84c90ac58ffb6e970add416fb2d&destination=w3hwn%40arrl.net>
>   |  Help <https://subscriberhelp.govdelivery.com/>
> ------------------------------
> This email was sent to w3hwn at arrl.net using GovDelivery, on behalf of:
> United States Computer Emergency Readiness Team (US-CERT) · 245 Murray Lane
> SW Bldg 410 · Washington, DC 20598 · (888) 282-0870 [image: Powered by
> GovDelivery] <http://www.govdelivery.com/portals/powered-by>
>
>
> _______________________________________________
> Tacos mailing list
> Tacos at amrad.org
> https://lists.amrad.org/mailman/listinfo/tacos
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.amrad.org/pipermail/tacos/attachments/20161021/6c5ed3e2/attachment.html>


More information about the Tacos mailing list