CVE-2016-5195 Found in Every Linux Version (for the Last 9 Years) - How to, Technology and PC Security Forum | SensorsTechForum.com

CVE-2016-5195 is a Linux vulnerability in the wild that is most likely present in every Linux version of the last nine years. Linux users should consider installing a security patch immediately.

The vulnerability is a kernel local privilege escalation, and its status is still “ongoing”.

More about CVE-2016-5195

A race condition was found in the way the Linux kernel’s memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.
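
The invariant this flaw breaks, shown as an added example that is not part of the original article: on a correctly behaving kernel, a store through a private mapping of a file opened read-only lands in a copy-on-write page and never reaches the file, and a shared writable mapping of the same descriptor is refused. The scratch file path, sample contents and function names are assumptions made for the illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>
static const char ORIG[] = "read-only sample data";  /* constructed sample */

/* Create a scratch file holding ORIG; return a descriptor opened O_RDONLY. */
static int open_readonly_sample(void)
{
    char path[] = "/tmp/cow_demo_XXXXXX";            /* assumed scratch path */
    int wfd = mkstemp(path);
    if (wfd < 0) return -1;
    ssize_t n = write(wfd, ORIG, sizeof ORIG);
    close(wfd);
    int rfd = (n == (ssize_t)sizeof ORIG) ? open(path, O_RDONLY) : -1;
    unlink(path);
    return rfd;
}

/* 1 if a store through a MAP_PRIVATE mapping stayed in the private copy. */
int private_write_leaves_file_intact(void)
{
    char back[sizeof ORIG] = {0};
    int fd = open_readonly_sample();
    if (fd < 0) return -1;
    char *m = mmap(NULL, sizeof ORIG, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
    if (m == MAP_FAILED) { close(fd); return -1; }
    m[0] = 'X';                       /* first store triggers the COW break */
    ssize_t n = pread(fd, back, sizeof back, 0);   /* re-read the file itself */
    int ok = n == (ssize_t)sizeof back && m[0] == 'X' && memcmp(back, ORIG, sizeof ORIG) == 0;
    munmap(m, sizeof ORIG); close(fd);
    return ok;
}

/* 1 if the kernel refuses a writable MAP_SHARED mapping of a read-only fd. */
int shared_write_mapping_refused(void)
{
    int fd = open_readonly_sample();
    if (fd < 0) return -1;
    void *m = mmap(NULL, sizeof ORIG, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    int refused = (m == MAP_FAILED && errno == EACCES);
    if (m != MAP_FAILED) munmap(m, sizeof ORIG);
    close(fd);
    return refused;
}

int main(void) { return !(private_write_leaves_file_intact() == 1 && shared_write_mapping_refused() == 1); }
```

An exit status of 0 means both properties held; this only illustrates the expected copy-on-write behaviour and does not test whether a kernel carries the fix.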

The exploit enables an attacker to obtain higher levels of control over the system. An actor with limited access to a web-hosting server can employ the exploit to gain deeper shell access, and can later use that access to attack other users of the server. Even server admins can be affected. The worst part is that privilege escalation vulnerabilities could be deployed in combination with other exploits – like SQL injections.


The bug was discovered by Linux developer Phil Oester. Linux users are encouraged to consult with the maintainers of their Linux distribution to avoid being affected by CVE-2016-5195.

Researchers say that this is probably the most serious Linux local privilege escalation to date. The vulnerability’s nature allows for extremely reliable exploitation, says Dan Rosenberg, senior researcher at Azimuth Security. The fact that it’s been around for nine years makes the situation even scarier.

Linux distributions are currently at various stages of receiving patches, following the development of the official patch by the Linux kernel maintainers.

Milena Dimitrova
