A critical 0-day local privilege escalation vulnerability has been discovered recently that a local user could exploit the kernel flaw and gain root level access! The vulnerability “CVE-2016-0728” found in Linux kernel version 3.8 and higher released in early 2013, lives in the keyring facility built into the various distros of Linux. This bug affects millions of linux machines as well as android devices which are currently running on the mentioned Kernel. The original research team perception point, who discovered the security breach suggests to apply the patch as soon as possible. The original post can be found at original post.
Affected Linux Distros:
Major Linux distributions listed below are affected by this vulnerability.
Red Hat Enterprise Linux 7 CentOS Linux 7 Scientific Linux 7 Debian Linux stable 8.x (jessie) Debian Linux testing 9.x (stretch) SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Workstation Extension 12 SP1 Ubuntu Linux 14.04 LTS (Trusty Tahr) Ubuntu Linux 15.04 (Vivid Vervet) Ubuntu Linux 15.10 (Wily Werewolf) Opensuse Linux LEAP 42.x and version 13.x Oracle Linux 7
You need to apply patch to fix the issue, go through the following details and take necessary steps according to your Linux distro.
Reboot the server after applying the patch.
Type the following command to know the current Kernel version.
#uname -a #uname -mrs
The result would be like this
Linux 3.18.21-17.el7.x86_64 x86_64
Below you will find the commands you should type for various Linux distributions to apply the patch.
RHEL / CentOS Linux
#yum update #reboot
Debian or Ubuntu Linux
#sudo apt-get update && sudo apt-get upgrade && sudo apt-get dist-upgrade #sudo reboot
Suse Enterprise/Opensuse Linux
#zypper patch #reboot
Confirm the version number has been changed.
Below you find a list of bug fixed kernel versions:
RHEL 7/CentOS 7 : 3.10.0-327.4.4.el7.x86_64 Ubuntu Linux 14.04 LTS : 3.13.0-76 Debian Linux 8.x : 3.16.0-4 SUSE Linux Enterprise Server 12 SP1 : 3.12.51-60.25.1
These are a few links to the incident:
http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/ https://bugzilla.redhat.com/show_bug.cgi?id=1297475 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-0728
Always contact our 24/7 TECHNICAL SUPPORT for any help.