[vox] Linux kernel (3.8 (circa 2012) & later) root privilege escalation vulnerability flaw patched [CVE-2016-0728]
Bill Kendrick
nbs at sonic.net
Thu Jan 21 11:54:07 PST 2016
"Serious Linux Kernel Vulnerability Patched"
Threat Post, January 19, 2016
https://threatpost.com/serious-linux-kernel-vulnerability-patched/115923/
"It's pretty bad because a user with legitimate or lower privileges can gain
root access and compromise the whole machine [...] With no auto update for
the kernel, these versions could be vulnerable for a long time.
Every Linux server needs to be patched as soon the patch is out."
...an attacker would require local access to exploit the vulnerability on a
Linux server. A malicious mobile app would get the job done on an Android
device (Kit-Kat and higher)...
Alerts from various distros:
* Ubuntu: http://www.ubuntu.com/usn/usn-2870-1/
* Debian: https://www.debian.org/security/2016/dsa-3448
* SUSE: https://www.suse.com/security/cve/CVE-2016-0728.html
* RedHat: https://access.redhat.com/articles/2131021
See also: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-0728
--
-bill!
Sent from my computer
More information about the vox
mailing list