Local Elevation of Privilege Vulnerability in Ubuntu 16.04 and Countermeasures

Source: Internet
Author: User
Tags cve

Local Elevation of Privilege Vulnerability in Ubuntu 16.04 and Countermeasures

Recently, Twitter user @ Vitaly Nikolenko published a message saying that the latest Ubuntu version (Ubuntu 16.04) has a high-risk Local Elevation of Privilege Vulnerability, and exp is also attached to the tweets.

Ubuntu is an open-source GNU/Linux Operating System Based On Debian GNU/Linux.

This release of EXP is CVE-2017-16995 Linux Kernel Vulnerability attack code. This vulnerability exists in the eBPF bpf (2) System Call of the Linux kernel. When a malicious BPF program is provided, the eBPF validator module produces a computing error, resulting in any memory read/write problems. Non-authorized users can use this vulnerability to gain permission elevation.

@ Vitaly Nikolenko: the vulnerability is still 0-day.

Interested users can download the EXP payload and verify it by referring to the updated apt source, data, and image provided by @ Vitaly Nikolenko.

Vulnerability rating

CVSS3 Base Score 7.8

CVSS3 Base Metrics CVSS: 3.0/AV: L/AC: L/PR: L/UI: N/S: U/C: H/I: H/A: H

Vulnerability recurrence

Impact Scope

Linux Kernel Version 4.14-4.4

Only Ubuntu/Debian versions are affected.

Repair suggestions

The Ubuntu official website does not provide a repair solution for the moment. FreeBuf suggestions:

1. Set the parameter "kernel. unprivileged_bpf_disabled = 1" to restrict bpf (2) calls. If the server fails to restart;

2. To Upgrade Linux Kernel, restart the server to take effect.

Echo "deb http://archive.ubuntu.com/ubuntu/ xenial-proposed restricted main multiverse universe">/etc/apt/sources. list & apt update & apt install linux-image-4.4.0-117-generic

Follow the Ubuntu official security vulnerability announcement page: https://usn.ubuntu.com /.

Reference Source
1. http://cyseclabs.com/exploits/upstream44.c
2. https://bugs.chromium.org/p/project-zero/issues/detail? Id = 1454 & desc = 3
3. https://access.redhat.com/security/cve/cve-2017-16995

This article permanently updates link: https://www.bkjia.com/Linux/2018-03/151424.htm

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.