privilege escalation kernel hack ( CVE-2016-0728 )

Posted:
Jan 20th, '16, 08:53
by jiml8
This one looks potentially very serious, though apparently there is no known exploit in the wild yet.
I am sure the Mageia team will get this patched as soon as upstream has a patch in place.
http://www.pcworld.com/article/3023870/ ... vices.html
Re: privilege escalation kernel hack

Posted:
Jan 20th, '16, 18:59
by AstorBG
I hope the kernel developers patch it soon.
Here is more info for the exploit and demo:
http://perception-point.io/2016/01/14/a ... 2016-0728/
Re: privilege escalation kernel hack

Posted:
Jan 20th, '16, 20:03
by jiml8
I compiled and ran the exploit on my workstation, and here is the result:
Code:
uid=501, euid=501
Increfing...
finished increfing
forking...
finished forking
caling revoke...
uid=501, euid=501
jiml@dadsbox:jiml> whoami
jiml
In other words, it did not work.
Re: privilege escalation kernel hack

Posted:
Jan 20th, '16, 20:14
by jiml8
Turns out that a couple of kernel modules are not at the addresses listed in the demo exploit code. I have recompiled with the correct addresses for my running kernel, and I am trying the exploit again.
For reference, you can find the static location of kernel modules using "cat /proc/kallsyms"
Re: privilege escalation kernel hack

Posted:
Jan 20th, '16, 20:54
by jiml8
Exploit did not work, even with correct module addresses.
This is kernel 4.1.15-desktop-1.mga5
Re: privilege escalation kernel hack

Posted:
Jan 20th, '16, 21:23
by marja
Our kernel maintainer, tmb, knows about this vulnerability and already started patching the Mageia 5 kernels.
QA team will test the kernels as fast as possible, so they can be released as regular updates when QA team sees they don't have regressions.
Re: privilege escalation kernel hack

Posted:
Jan 20th, '16, 22:56
by doktor5000
Re: privilege escalation kernel hack ( CVE-2016-0728 )

Posted:
Jan 21st, '16, 12:20
by AstorBG
Excellent! Thanks guys!
That was promptly handled.
Re: privilege escalation kernel hack ( CVE-2016-0728 )

Posted:
Jan 21st, '16, 14:42
by marja
After testing, the fixed kernels were pushed as regular updates for Mageia 5 over six hours ago.
However, some mirrors have problems syncing atm. If you don't get the update, you might want to select an up-to-date mirror (the green ones for Mga5 in this list
http://mirrors.mageia.org/status)
Re: privilege escalation kernel hack

Posted:
Jan 21st, '16, 16:04
by doktor5000
jiml8 wrote:I compiled and ran the exploit on my workstation, and here is the result:
[...]
In other words, it did not work.
Didn't work here either. Seems my PS1 checking the return code of the last command protected me.

But in any case, fixes were already pushed:
http://advisories.mageia.org/MGASA-2016-0033.html (for regular kernel)
http://advisories.mageia.org/MGASA-2016-0032.html (for kernel-tmb)
http://advisories.mageia.org/MGASA-2016-0031.html (for kernel-linus)