Monday 15 February 2016

How to fix the latest 0-day flaw of Linux and Android




The Israeli security company Perception Point disclosed a vulnerability in Linux and Android. The company describes it as a zero-day "local privilege escalation vulnerability in the Linux kernel." That is indeed what it is, but it is not the whole story.


What Perception Point did not say is that, after the flaw was found, their discovery (CVE-2016-0728) was sent upstream to the Linux kernel developers for a fix. The only reason it could be called a "zero-day" is that Perception Point published an exploit while the patch was already under development.


Why did they do this?

"It's to promote companies nobody has heard of. That way, they make the headlines and we inherit the security headaches," commented a Linux security developer.
According to another programmer working on the fix, this is far from an isolated case: "Security companies keep making a big story out of small problems for their own benefit."

In this case, the vulnerability lies in the Linux keyring, a facility used to cache various security-related data such as encryption keys. The problem arises when the field used to store an object's name is abused to cause a buffer overflow. An attacker can then overwrite memory and escalate privileges. In short, yes: an ordinary user can obtain the rights of the "super user" (root).

This is not good news, but it is not as bad as it seems. First, you need a user account: at a minimum, an attacker would need a login and a shell account on the target system.

In addition, for once, this problem does not affect older systems. Only Linux distributions running kernel 3.10 or later can be attacked this way. Linux 3.10 has been available since August 2013.

More specifically, the following distributions are theoretically vulnerable:

CentOS Linux 7
Debian Linux stable 8.x (Jessie)
Debian Linux testing 9.x (stretch)
Fedora 21
Scientific Linux 7
openSUSE Linux LEAP 42.x and 13.x
Oracle Linux 7
Red Hat Enterprise Linux (RHEL) 7
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Server (SLES) 12
Ubuntu Linux 14.04 LTS (Trusty Tahr)
Ubuntu Linux 15.04 (Vivid Vervet)
Ubuntu Linux 15.10 (Wily Werewolf)



Even on these systems, the published exploit does not work. I tried it myself on a Fedora 23 system with 8 GB of RAM. It eventually locked up the PC once free memory was exhausted. Others report that the attack failed due to memory exhaustion.

Even if this method could be used to attack Android 4.4 and later devices, such an attack would be pointless in practice. First, you would need the device in hand. Then it would take more memory than I have ever seen on an Android device. Finally, as Perception Point acknowledges, "the full exploit requires 30 minutes to run on an Intel Core i7-5500 CPU." On Android, it would take more than a day. Clearly, there are simpler ways to get at an Android smartphone or tablet.


Moreover, many if not most Linux kernels have SMEP (Supervisor Mode Execution Protection) and/or SMAP (Supervisor Mode Access Prevention) enabled. Even if these protections can be circumvented, they add a layer of complexity to successfully exploiting the flaw.
Still, the problem needs a fix. The patch is already available as source code, and most Linux distributions have shipped it. One exception (as of January 20): Red Hat.

One suggested workaround that does not actually work is the following command:

# echo 1 > /proc/sys/kernel/keys/maxkeys


This only limits keys created by ordinary users, not root's keys, so it is not a cure.
Instead, depending on your distribution, you should run the following command from the shell:
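As an added check (not part of the original post, and not the distribution update command itself), the following POSIX shell script tells you whether the running kernel is 3.10 or later, the range the article lists as affected, and prints the per-user and root key quotas that the maxkeys workaround touches. The 3.10 threshold comes from the article; the function names, the use of root_maxkeys for root's quota, and the sample version strings are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the original post: tell whether a kernel version
# string falls in the range the article lists as affected by CVE-2016-0728
# (Linux 3.10 or later) and report the keyring quotas that the
# "echo 1 > /proc/sys/kernel/keys/maxkeys" workaround touches.

# Print "MAJOR MINOR" for a string such as "3.10.0-327.el7.x86_64";
# return 1 if the string is not a recognisable kernel version.
kernel_major_minor() {
    ver=${1%%-*}             # drop "-22-generic" style suffixes
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    case "$major$minor" in
        ''|*[!0-9]*) return 1 ;;
    esac
    printf '%s %s\n' "$major" "$minor"
}

# Return 0 when the version is 3.10 or later (the article's affected range),
# 1 when it is older, 2 when the string cannot be parsed.
in_affected_range() {
    mm=$(kernel_major_minor "$1") || return 2
    set -- $mm
    if [ "$1" -gt 3 ] || { [ "$1" -eq 3 ] && [ "$2" -ge 10 ]; }; then
        return 0
    fi
    return 1
}

# Print both quotas: the article's point is that lowering maxkeys only
# constrains ordinary users, while root's keyrings are governed separately.
show_keys_quota() {
    for f in maxkeys root_maxkeys; do
        p=/proc/sys/kernel/keys/$f
        [ -r "$p" ] && printf '%s = %s\n' "$f" "$(cat "$p")"
    done
    return 0
}

main() {
    running=$(uname -r)
    if in_affected_range "$running"; then
        printf 'kernel %s is 3.10 or later: confirm the distribution fix is installed\n' "$running"
    else
        printf 'kernel %s is not in the 3.10-or-later range the article lists\n' "$running"
    fi
    show_keys_quota
}
main
```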

