A critical 0-day local privilege escalation vulnerability has recently been discovered: a local user could exploit the kernel flaw to gain root-level access. The vulnerability, CVE-2016-0728, is found in Linux kernel version 3.8 and higher, released in early 2013, and lives in the keyring facility built into the various Linux distros. This bug affects millions of Linux machines as well as Android devices currently running the affected kernel. Perception Point, the research team that discovered the flaw, recommends applying the patch as soon as possible. Their original post is listed among the links at the end of this page.

Affected Linux Distros:

Major Linux distributions listed below are affected by this vulnerability.

Red Hat Enterprise Linux 7
CentOS Linux 7
Scientific Linux 7
Debian Linux stable 8.x (jessie)
Debian Linux testing 9.x (stretch)
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Workstation Extension 12
SUSE Linux Enterprise Workstation Extension 12 SP1
Ubuntu Linux 14.04 LTS (Trusty Tahr)
Ubuntu Linux 15.04 (Vivid Vervet)
Ubuntu Linux 15.10 (Wily Werewolf)
openSUSE Linux LEAP 42.x and version 13.x
Oracle Linux 7

You need to apply the patch to fix the issue. Go through the following details and take the necessary steps for your Linux distro.

Reboot the server after applying the patch.

Type one of the following commands to find the current kernel version.

#uname -a
#uname -mrs

The result will look like this:

Linux 3.18.21-17.el7.x86_64 x86_64

Below are the commands to type on the various Linux distributions to apply the patch.

RHEL / CentOS Linux

#yum update
#reboot

Debian or Ubuntu Linux

#sudo apt-get update && sudo apt-get upgrade && sudo apt-get dist-upgrade
#sudo reboot

SUSE Enterprise/openSUSE Linux

#zypper patch
#reboot

Confirm that the version number has changed.

#uname -mrs

Below is a list of kernel versions in which the bug is fixed:

RHEL 7/CentOS 7 : 3.10.0-327.4.4.el7.x86_64
Ubuntu Linux 14.04 LTS : 3.13.0-76
Debian Linux 8.x : 3.16.0-4
SUSE Linux Enterprise Server 12 SP1 : 3.12.51-60.25.1
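
The confirmation step can be scripted. The following is an added example, not part of the original post: it compares the leading numeric fields of a `uname -r` release string with the fixed versions listed above. The function names and the short distro labels are hypothetical, and the sample release string is constructed.

```shell
#!/bin/sh
# Print the leading numeric fields of a release string, space separated:
# "3.10.0-327.4.4.el7.x86_64" -> "3 10 0 327 4 4"
numeric_fields() {
    out=""; old_ifs=$IFS; IFS='.-'
    set -f; set -- $1; set +f; IFS=$old_ifs
    for f in "$@"; do
        case $f in
            ''|*[!0-9]*) break ;;
            *) out="$out $f" ;;
        esac
    done
    echo $out
}

# Return 0 if release $1 is at or above version $2 (missing fields count as 0).
release_at_least() {
    a=$(numeric_fields "$1"); b=$(numeric_fields "$2")
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%% *}; y=${b%% *}
        case $a in *' '*) a=${a#* } ;; *) a="" ;; esac
        case $b in *' '*) b=${b#* } ;; *) b="" ;; esac
        if [ "${x:-0}" -gt "${y:-0}" ]; then return 0; fi
        if [ "${x:-0}" -lt "${y:-0}" ]; then return 1; fi
    done
    return 0
}

# Fixed versions copied from the list above; the short labels are hypothetical.
fixed_version_for() {
    case $1 in
        rhel7|centos7) echo "3.10.0-327.4.4.el7.x86_64" ;;
        ubuntu1404)    echo "3.13.0-76" ;;
        debian8)       echo "3.16.0-4" ;;
        sles12sp1)     echo "3.12.51-60.25.1" ;;
        *) return 1 ;;
    esac
}

# check_kernel <label> [release]; release defaults to the running kernel.
# Assumption: the release string changes with each kernel update. Where it
# does not, check the installed kernel package version instead.
check_kernel() {
    fixed=$(fixed_version_for "$1") || { echo "unknown"; return 2; }
    if release_at_least "${2:-$(uname -r)}" "$fixed"; then echo "ok"
    else echo "update-needed"; fi
}

check_kernel rhel7 "3.10.0-327.el7.x86_64"   # constructed sample release
```

Run `check_kernel <label>` with no second argument after the reboot to test the running kernel.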

These are a few links to the incident:

http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/
https://bugzilla.redhat.com/show_bug.cgi?id=1297475
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-0728

Always contact our 24/7 TECHNICAL SUPPORT for any help.

Posted by Vipin Raj
