Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Quick Links


Shells Virtual Desktop
BMail.ag - Secure Email Service
Server.net
CPLicense.net
VPS Server
Buy VPN
Vultr
VMs for AI
HostDare
ReliableSite White-Label Dedicated Hosting for Resellers
InterServer VPS
BMail.ag - Secure Email Service
Best VPN
High-Performance Bare Metal Server Solutions
Karvl.com
Server Mania Cloud Hosting
DataWagon Hosting
AlphaVPS Hosting
Evoxt.com
Clouvider
VPS Hosting with NVMe
Residential IPs in the US & 4G Mobile Proxies in EU & US with Unlimited Bandwidth
ReliableSite White-Label Dedicated Hosting for Resellers
Rabisu - Hosting Solutions
Shells Virtual Desktop

Categories

In this Discussion

Home General
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

CVE-2016-5195 - Kernel local privilege escalation (exploited)

dccdcc Member, Host Rep
in General

Hi all,

Just noticed this:
https://access.redhat.com/security/vulnerabilities/2706661

Looks like anyone with local access can get root. Exploits are in the wild.

Upon further checking, doesn't look like this can be used to break out of an OpenVZ container or KVM guest as access to host's /proc/self/mem is required. However, anyone within a shared hosting setup (cPanel etc) could be affected.

Mitigation (not ideal, but works):
https://bugzilla.redhat.com/show_bug.cgi?id=1384344#c13

Comments

  • WilliamWilliam Member
    edited October 2016

    Some days old - Should not affect Cloudlinux or RHEL 5/6 (but 7). I think kernelcare patched my Cloudlinux 7.

    dcc said: guest as access to host's /proc/self/mem

    Why am i not even surprised this exploit exists...

    A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings

    Didn't we have that already...

    The in the wild exploit we are aware of doesn't work on Red Hat Enterprise Linux 5 and 6 out of the box because on one side of the race it writes to /proc/self/mem, but /proc/self/mem is not writable on Red Hat Enterprise Linux 5 and 6.

    ok...? Should i now rather ask why they did that or why CentOS has it likely writeable then?

  • rincewindrincewind Member

    Details

    Proof of concept

Sign In or Register to comment.