01-19-2016, 03:41 PM
Need to see this, and I thought we were fine without the need the need for an anti-virus program.
Linux kernel flaw threatens millions of PCs, servers, and Android devices _ PCWorld.html
Linux Kernel Privilege Escalation Flaw Vulnerabillity CVE-2016-0728
Need to see this, and I thought we were fine without the need the need for an anti-virus program.
Linux kernel flaw threatens millions of PCs, servers, and Android devices _ PCWorld.html
01-19-2016, 03:56 PM
(01-19-2016, 03:41 PM)tomt link Wrote: Need to see this, and I thought we were fine without the need the need for an anti-virus program.
Linux kernel flaw threatens millions of PCs, servers, and Android devices _ PCWorld.html
Adding a Link for folks:
http://www.pcworld.com/article/3023870/s...vices.html
http://www.networkworld.com/article/3023...s_security
It looks like per the article, affected Kernel is 3.8 and up... Guess its good that LL2.8 beta is at kernel 3.19??..??
But if folks have updated the kernel, they want to be informed..
LL4.8 UEFI 64 bit ASUS E402W - AMD E2 (Quad) 1.5Ghz - 4GB - AMD Mullins Radeon R2
LL5.8 UEFI 64 bit Test UEFI Kangaroo (Mobile Desktop) - Atom X5-Z8500 1.44Ghz - 2GB - Intel HD Graphics
LL4.8 64 bit HP 6005- AMD Phenom II X2 - 8GB - AMD/ATI RS880 (HD4200)
LL3.8 32 bit Dell Inspiron Mini - Atom N270 1.6Ghz - 1GB - Intel Mobile 945GSE Express -- Shelved
BACK LL5.8 64 bit Dell Optiplex 160 (Thin) - Atom 230 1.6Ghz - 4GB-SiS 771/671 PCIE VGA - Print Server
Running Linux Lite since LL2.2
01-19-2016, 05:14 PM
From the posted articles it appears that someone may have to have physical access to the computer. It also seems that it takes at least 30 minutes to pull off on a machine with Intel Core i7-5500 CPU, according to the detailed analysis found in the following link.
http://perception-point.io/2016/01/14/an...2016-0728/
http://perception-point.io/2016/01/14/an...2016-0728/
“I have not failed. I’ve just found 10,000 ways that won’t work.” - Thomas Edison
01-19-2016, 05:52 PM
According to the PC article as I read it, it starts with kernel 3.8. "The Linux kernel is the core of all Linux-based operating systems, including Android. Its keyring facility provides a way for applications to store sensitive information such as authentication and encryption keys inside the kernel, where other user-space applications cannot access it." I did not see a mention that anything above that kernel would not be affected."According to them, the vulnerability was introduced in kernel version 3.8, released in Feb. 2013". I could be wrong but that is how I understand it to read. The fact that it is now appearing after all this time still supports my theory for the need to add an anti-virus protection to any distro. They also mentioned in the article that some kernels will be affected for quite some time.
01-19-2016, 06:40 PM
I may be wrong, but it looks to me that you should be OK as long as you only use the software in the regular repositories that come with the system. It is my opinion for the most part that this kind of threat comes into play when you download proprietary or some other unapproved software. Open source software allows peer review of the code and makes it much harder for an exploit to slip through.
“I have not failed. I’ve just found 10,000 ways that won’t work.” - Thomas Edison
01-19-2016, 08:04 PM
It's been there 3 years, and is there any evidence of this being exploited.??
Upgrades WIP 2.6 to 2.8 - (6 X 2.6 to 2.8 completed on: 20/02/16 All O.K )
Linux Lite 3.0 Humming on a ASRock N3070 Mobo ~ btrfs RAID 10 Install on 4 Disks :)
Computers Early days:
ZX Spectrum(1982) , HP-150 MS-DOS(1983) , Amstrad CPC464(1984) , BBC Micro B+64(1985) , My First PC HP-Vectra(1987)
01-19-2016, 09:02 PM
Kernel numbering folks:
3.6 3.7 3.8 3.9 3.10 3.11 3.12 3.13......
3.6 3.7 3.8 3.9 3.10 3.11 3.12 3.13......
Download your free copy of Linux Lite today.
Jerry Bezencon
Linux Lite Creator
"Do not correct a fool, or he will hate you; correct a wise man and he will appreciate you."
![[Image: X5qGkCg.png]](https://imgur.com/X5qGkCg.png)
![[Image: 0op1GNe.png]](https://i.imgur.com/0op1GNe.png)
![[Image: LgJ2mtP.png]](https://i.imgur.com/LgJ2mtP.png)
![[Image: vLZcFUE.png]](https://imgur.com/vLZcFUE.png)
![[Image: lrUHro3.jpg]](https://i.imgur.com/lrUHro3.jpg)
01-19-2016, 09:20 PM
POC for the geeks :)
https://gist.github.com/PerceptionPointT...0f8531ff8f
http://perception-point.io/2016/01/14/an...2016-0728/
Testing this now on LL 2.8 Beta test box. Will report back with results.
https://gist.github.com/PerceptionPointT...0f8531ff8f
http://perception-point.io/2016/01/14/an...2016-0728/
Testing this now on LL 2.8 Beta test box. Will report back with results.
Download your free copy of Linux Lite today.
Jerry Bezencon
Linux Lite Creator
"Do not correct a fool, or he will hate you; correct a wise man and he will appreciate you."
01-20-2016, 01:38 AM
After reading Perception Point it looks like 3.8 and up is vulnerable. If this has not been exploited before, you can bet the chances are good it will be now.
01-20-2016, 07:40 AM
Got a segmentation fault when running it so not going to spend forever analyzing this, was just curious. Vuln requires physical access to your pc. So if you have a friend who's a wizard on the command line, keep him/her away from your pc :)
To update:
Reboot.
Lite Tweaks, Kernel Removal, remove all other 3.13 kernels.
To update:
Code:
sudo apt-get install linux-image-3.13.0-76-generic linux-headers-3.13.0-76-genericReboot.
Lite Tweaks, Kernel Removal, remove all other 3.13 kernels.
Code:
linux (3.13.0-76.120) trusty; urgency=low
[ Upstream Kernel Changes ]
* KEYS: Fix keyring ref leak in join_session_keyring()
- LP: #1534887
- CVE-2016-0728
-- Luis Henriques <[email protected]> Mon, 18 Jan 2016 09:54:03 +0000Download your free copy of Linux Lite today.
Jerry Bezencon
Linux Lite Creator
"Do not correct a fool, or he will hate you; correct a wise man and he will appreciate you."
« Next Oldest | Next Newest »
Users browsing this thread: 1 Guest(s)