Page 1 of 2 12 LastLast
Results 1 to 10 of 15

Thread: What steps to take to mitigate newly discovered CVE-2016-5195 privilege-escalation?

  1. #1
    Join Date
    Oct 2006
    Beans
    58

    What steps to take to mitigate newly discovered CVE-2016-5195 privilege-escalation?

    What steps can be taken to avert attack by CVE-2016-5195? Or is this already patched?

    http://arstechnica.com/security/2016...ctive-exploit/


    "A serious vulnerability that has been present for nine years in virtually all versions of the Linux operating system is under active exploit, according to researchers who are advising users to install a patch as soon as possible.

    While CVE-2016-5195, as the bug is cataloged, amounts to a mere privilege-escalation vulnerability rather than a more serious code-execution vulnerability, there are several reasons many researchers are taking it extremely seriously. For one thing, it's not hard to develop exploits that work reliably. For another, the flaw is located in a section of the Linux kernel that's a part of virtually every distribution of the open-source OS released for almost a decade. What's more, researchers have discovered attack code that indicates the vulnerability is being actively and maliciously exploited in the wild.

    "It's probably the most serious Linux local privilege escalation ever," Dan Rosenberg, a senior researcher at Azimuth Security, told Ars. "The nature of the vulnerability lends itself to extremely reliable exploitation. This vulnerability has been present for nine years, which is an extremely long period of time."

    The underlying bug was patched this week b
    y the maintainers of the official Linux kernel. Downstream distributors are in the process of releasing updates that incorporate the fix. Red Hat has classified the vulnerability as "important."

  2. #2
    Join Date
    Oct 2006
    Beans
    57,291

    Re: What steps to take to mitigate newly discovered CVE-2016-5195 privilege-escalatio

    Quote Originally Posted by skyemoor View Post
    What steps can be taken to avert attack by CVE-2016-5195? Or is this already patched?
    Update your system..

    https://www.ubuntu.com/usn/

  3. #3
    Join Date
    Oct 2016
    Beans
    9

    Re: What steps to take to mitigate newly discovered CVE-2016-5195 privilege-escalatio

    Hello. Yes, howefield is right. Yesterday an unpdate for this CVE was available. Just use update-manager or run sudo apt-get update and sudo apt-get dist-upgrade. By the way, this bug is from 2005.

  4. #4
    Join Date
    May 2013
    Beans
    4

    Re: What steps to take to mitigate newly discovered CVE-2016-5195 privilege-escalatio

    Quote Originally Posted by anoda View Post
    Hello. Yes, howefield is right. Yesterday an unpdate for this CVE was available. Just use update-manager or run sudo apt-get update and sudo apt-get dist-upgrade. By the way, this bug is from 2005.

    Hi,

    Just found this thread now. I am trying to update my 12.04 box to protect against this vulnerability.

    I have run:

    sudo apt-get update && sudo apt-get upgrade && sudo apt-get dist-upgrade

    and updated my system and then rebooted.

    However using the POC exploit code here:
    http://www.cyberciti.biz/faq/dirtyco...erability-fix/

    My system is still vulnerable to this attack. How can I be sure that the upgrade successfully installed the correct patches.

    Thanks
    Last edited by howefield; October 26th, 2016 at 12:50 PM. Reason: reset font properties.

  5. #5
    Join Date
    Oct 2006
    Beans
    57,291

    Re: What steps to take to mitigate newly discovered CVE-2016-5195 privilege-escalatio

    Perhaps you are you running an unsupported HWE kernel, what's the output of

    Code:
    uname -r
    Code:
    cat /etc/*-release

  6. #6
    Join Date
    May 2013
    Beans
    4

    Re: What steps to take to mitigate newly discovered CVE-2016-5195 privilege-escalatio

    Thanks for the quick reply.

    After upgrading the box the output is as follows:

    Code:
    $ uname -r
    3.5.0-54-generic

    Code:
    $ cat /etc/*-release
    DISTRIB_ID=Ubuntu
    DISTRIB_RELEASE=12.04
    DISTRIB_CODENAME=precise
    DISTRIB_DESCRIPTION="Ubuntu 12.04.5 LTS"
    NAME="Ubuntu"
    VERSION="12.04.5 LTS, Precise Pangolin"
    ID=ubuntu
    ID_LIKE=debian
    PRETTY_NAME="Ubuntu precise (12.04.5 LTS)"
    VERSION_ID="12.04"

  7. #7
    Join Date
    Oct 2006
    Beans
    57,291

    Re: What steps to take to mitigate newly discovered CVE-2016-5195 privilege-escalatio

    I haven't checked in detail but that looks like the Quantal HWE kernel which was supported for 18 months ending when Ubuntu 14.04 was released in April 2014, so as a now unsupported kernel it is pretty unlikely it would be patched.

  8. #8

    Re: What steps to take to mitigate newly discovered CVE-2016-5195 privilege-escalatio

    Quote Originally Posted by ewren View Post
    Hi,

    Just found this thread now. I am trying to update my 12.04 box to protect against this vulnerability.

    I have run:

    sudo apt-get update && sudo apt-get upgrade && sudo apt-get dist-upgrade

    and updated my system and then rebooted.

    However using the POC exploit code here:
    http://www.cyberciti.biz/faq/dirtyco...erability-fix/

    My system is still vulnerable to this attack. How can I be sure that the upgrade successfully installed the correct patches.

    Thanks
    I ran
    do-release-upgrade
    yesterday on a 12.04 in Amazon after
    Code:
     sudo apt-get update && sudo apt-get upgrade && sudo apt-get dist-upgrade
    failed to install a newer kernel.

    We got
    Code:
    DISTRIB_ID=Ubuntu
    DISTRIB_RELEASE=14.04
    DISTRIB_CODENAME=trusty
    DISTRIB_DESCRIPTION="Ubuntu 14.04.5 LTS"
    NAME="Ubuntu"
    VERSION="14.04.5 LTS, Trusty Tahr"
    ID=ubuntu
    ID_LIKE=debian
    PRETTY_NAME="Ubuntu 14.04.5 LTS"
    VERSION_ID="14.04"
    HOME_URL="http://www.ubuntu.com/"
    SUPPORT_URL="http://help.ubuntu.com/"
    BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"
    and 3.13.0-100-generic
    YMMV.
    Windows assumes the user is an idiot.
    Linux demands proof.

  9. #9
    Join Date
    May 2013
    Beans
    4

    Re: What steps to take to mitigate newly discovered CVE-2016-5195 privilege-escalatio

    Okay, I tried this instead:

    Code:
    sudo apt-get install linux-generic-lts-trusty
    And now I have:

    Code:
    
    3.13.0-100-generic
    and

    Code:
    DISTRIB_ID=Ubuntu
    DISTRIB_RELEASE=12.04
    DISTRIB_CODENAME=precise
    DISTRIB_DESCRIPTION="Ubuntu 12.04.5 LTS"
    NAME="Ubuntu"
    VERSION="12.04.5 LTS, Precise Pangolin"
    ID=ubuntu
    ID_LIKE=debian
    PRETTY_NAME="Ubuntu precise (12.04.5 LTS)"
    VERSION_ID="12.04"
    and it seems to have fixed the issue.

    Thanks!

  10. #10

    Re: What steps to take to mitigate newly discovered CVE-2016-5195 privilege-escalatio

    Well, I guess the difference is "do we want to upgrade the system, or just the kernel"?
    Since mine are in Amazon, I chose an upgrade to take advantage of both.
    Glad it worked out!

    I did see https://ubuntuforums.org/showthread....8#post13561688 prior to my decision, and in ignorance,
    I thought 'apt-get dist-upgrade' covered it.
    Last edited by Habitual; October 26th, 2016 at 03:40 PM.
    Windows assumes the user is an idiot.
    Linux demands proof.

Page 1 of 2 12 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •