Home > Cyber News > CVE-2016-5195 Found in Every Linux Version (for the Last 9 Years)
CYBER NEWS

CVE-2016-5195 Found in Every Linux Version (for the Last 9 Years)

by   |  Last Update:  |  0 Comments  

vulnerability-stforum

CVE-2016-5195 is a Linux vulnerability in the wild which is most likely found in every Linux version for the last nine years. Linux users should consider installing a security patch immediately.

The vulnerability is a Kernel Local Privilege Escalation one and its status is still “ongoing”.

More about CVE-2016-5195

A race condition was found in the way the Linux kernel’s memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.

The exploit enables an attacker to obtain higher levels of control over the system. An actor with limited access to a web-hosting server can employ the exploit to gain deeper shell access, and can later use that access to attack other users of the server. Even server admins can be affected. The worst part is that privilege escalation vulnerabilities could be deployed in combination with other exploits – like SQL injections.

Related: Systemd and Ubuntu Address Multiple Linux Vulnerabilities

The bug was discovered by Phil Orster, Linux developer. Linux users are encouraged to consult with the maintainers of their Linux distribution to avoid being affected by CVE-2016-5195.

Researchers say that this is probably the most serious Linux local privilege escalation to date. The vulnerability’s nature allows for extremely reliable exploitation, says Dan Rosenberg, senior researcher at Azimuth Security. The fact that it’s been around for nine years makes the situation even scarier.

Currently, Linux distributions are receiving patches in various stages, after the development of the official patch on behalf of the official Linux kernel maintainers.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:
Twitter

Related posts:
  1. Top 15 Linux Security Questions You Didn’t Know You Had Beginner Linux administrators and users should know that even though...
  2. Adobe Patches 112 Vulnerabilities in Latest Patch Package (CVE-2018-5007) Adobe has released the latest patch package that addresses a...
  3. The Best Linux Server Distributions in 2017 Gnu/Linux is one of the leading server operating systems due...
  4. CVE-2013-2094: Linux.BtcMine.174 Is a Dangerous Hybrid Linux Trojan A new security report reveals that a dangerous new Linux...
  5. Top Security and Privacy Linux Distributions in 2019 There are many specialist Linux distributions that are designed with...
  6. The 10 Best Methods on How to Improve Linux Security This blog post is created in order to help you...
  7. CVE-2016-5195, Plenty of Flaws Fixed in Android’s December Bulletin Dirty Cow may sound like someone’s favorite insult but it’s...
  8. The Windows User Security Bible: Vulnerabilities and Patches If you’re one of those conscious users who acquaint themselves...

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree