Mageia forum

by **jiml8** » Jan 20th, '16, 08:53

This one looks potentially very serious, though apparently there is no known exploit in the wild yet.

I am sure the Mageia team will get this patched as soon as upstream has a patch in place.

http://www.pcworld.com/article/3023870/ ... vices.html

by **AstorBG** » Jan 20th, '16, 18:59

I hope the kernel developers patch it soon.
Here is more info for the exploit and demo:
http://perception-point.io/2016/01/14/a ... 2016-0728/

by **jiml8** » Jan 20th, '16, 20:03

I compiled and ran the exploit on my workstation, and here is the result:

Code: Select all: uid=501, euid=501 Increfing... finished increfing forking... finished forking caling revoke... uid=501, euid=501 jiml@dadsbox:jiml> whoami jiml

In other words, it did not work.

by **jiml8** » Jan 20th, '16, 20:14

Turns out that a couple of kernel modules are not at the addresses listed in the demo exploit code. I have recompiled with the correct addresses for my running kernel, and I am trying the exploit again.

For reference, you can find the static location of kernel modules using "cat /proc/kallsyms"

by **jiml8** » Jan 20th, '16, 20:54

Exploit did not work, even with correct module addresses.

This is kernel 4.1.15-desktop-1.mga5

by **marja** » Jan 20th, '16, 21:23

Our kernel maintainer, tmb, knows about this vulnerability and already started patching the Mageia 5 kernels.
QA team will test the kernels as fast as possible, so they can be released as regular updates when QA team sees they don't have regressions.

by **doktor5000** » Jan 20th, '16, 22:56

FWIW, link to the bugreport: https://bugs.mageia.org/show_bug.cgi?id=17557

by **AstorBG** » Jan 21st, '16, 12:20

Excellent! Thanks guys!
That was promptly handled.

by **marja** » Jan 21st, '16, 14:42

After testing, the fixed kernels were pushed as regular updates for Mageia 5 over six hours ago.
However, some mirrors have problems syncing atm. If you don't get the update, you might want to select an up-to-date mirror (the green ones for Mga5 in this list http://mirrors.mageia.org/status)

by **doktor5000** » Jan 21st, '16, 16:04

jiml8 wrote:I compiled and ran the exploit on my workstation, and here is the result:
[...]
In other words, it did not work.

Didn't work here too. Seems my PS1 checking the return code of the last command protected me

But in any case, fixes were already pushed:

http://advisories.mageia.org/MGASA-2016-0033.html (for regular kernel)
http://advisories.mageia.org/MGASA-2016-0032.html (for kernel-tmb)
http://advisories.mageia.org/MGASA-2016-0031.html (for kernel-linus)

Mageia forum

privilege escalation kernel hack ( CVE-2016-0728 )

privilege escalation kernel hack ( CVE-2016-0728 )

Re: privilege escalation kernel hack

Re: privilege escalation kernel hack

Re: privilege escalation kernel hack

Re: privilege escalation kernel hack

Re: privilege escalation kernel hack

Re: privilege escalation kernel hack

Re: privilege escalation kernel hack ( CVE-2016-0728 )

Re: privilege escalation kernel hack ( CVE-2016-0728 )

Re: privilege escalation kernel hack

Who is online