To Customer Support To Customer Support

Linux Kernel Zero-Day CVE-2016-5195 Patched After Being Deployed in Live Attacks

  • 20 October 2016
  • 1 reply
  • 8 views
Jasper_The_Rasper
Rank
Userlevel 7
Badge +54

Dirty COW flaw existed in Linux kernel for 9 years

 
                                   http://i1-news.softpedia-static.com/images/fitted/340x180/linux-kernel-zero-day-cve-2016-5195-patched-after-being-deployed-in-live-attacks.png
 
Oct 20, 2016 18:25 GMT  ·  By Catalin Cimpanu The Linux kernel team has fixed a security flaw deployed in attacks against production servers. The zero-day's identifier is CVE-2016-5195, but you'll also find it referenced online as Dirty COW.
 
According to the official patch, the issue existed in the Linux kernel since version 3.9, released in 2007.
 
There is no evidence that attackers exploited the flaw since 2007, but security researchers Phil Oester had notified Red Hat of recent incidents where an attacker had deployed exploit code that leveraged this issue.

Full Article

1 reply

Jasper_The_Rasper
Rank
Userlevel 7
Badge +54

Lurking in the kernel for nine years, flaw gives untrusted users unfettered root access.

Dan Goodin (US) - 21/10/2016
 
A serious vulnerability that has been present for nine years in virtually all versions of the Linux operating system is under active exploit, according to researchers who are advising users to install a patch as soon as possible.
 
While CVE-2016-5195, as the bug is cataloged, amounts to a mere privilege-escalation vulnerability rather than a more serious code-execution vulnerability, there are several reasons many researchers are taking it extremely seriously. For one thing, it's not hard to develop exploits that work reliably. For another, the flaw is located in a section of the Linux kernel that's a part of virtually every distribution of the open-source OS released for almost a decade. What's more, researchers have discovered attack code that indicates the vulnerability is being actively and maliciously exploited in the wild.
 
Full Article

Reply


Terms & Conditions

© 2004 - Webroot Inc.

We have recently updated our Privacy Policies. We encourage you to read the full terms here.