1. Computing

A serious Linux privilege-escalation bug has been in the wild for nine years

By

best linux distros
Spectral-Design/Shutterstock
There’s a Linux vulnerability in the wild that’s apparently been residing in just about every Linux version for the last nine years, and Linux users will want to install a patch as soon as possible.

The exploit is titled CVE-2016-5195, and it’s a privilege-escalation bug as opposed to a code-execution vulnerability, as Ars Technica reports. That makes it theoretically less serious, but nevertheless, researchers aren’t taking it lightly. In part, it’s considered a serious threat because it resides in a Linux kernel section that’s used by almost all Linux distributions. And the bug is apparently being actively used by malicious parties in the real world.

According to Dan Rosenberg, senior researcher at Azimuth Security, “It’s probably the most serious Linux local privilege escalation ever. The nature of the vulnerability lends itself to extremely reliable exploitation. This vulnerability has been present for nine years, which is an extremely long period of time.” As of right now, Linux distributions are in various stages of receiving patches, after an official patch was developed by the official Linux kernel maintainers.

The exploit in question is one that can allow an attacker to gain greater levels of control over a targeted machine. For example, a user with otherwise limited access to a web-hosting provider’s server can use the exploit to gain deeper shell access, and then leverage that access to attack other users of the server or even server admins. Privilege-escalation vulnerabilities can also be combined with other exploits, such as SQL injection bugs, to run malicious code that they would normally be unable to execute.

Linux developer Phil Oester was the first to discover the bug, as indicated on a site that provides more information on the exploit. For now, you’ll want to check in with the maintainers of your particular Linux distribution and see if a patch is available. If it is, then you’ll want to apply it immediately to avoid seeing your Linux system suffer an attack.

Editors' Recommendations

The best documentaries on Netflix right now

Night Stalker: The Hunt for a Serial Killer

All Warzone bunker locations: Where they are and what’s inside

Android vs. iOS: Which smartphone platform is the best?

android vs ios v cameras feat

How to root Android phones and tablets (and unroot them)

galaxy s9 Plus hands-on review front full

We haven’t seen Dell XPS 13 deals this good since Black Friday — up to $670 off

dell inspiron 15 3000 xps 13 laptop deals labor day sales 2020 05 768x768

You won’t believe this Microsoft Surface Pro 7 deal at Best Buy right now

microsoft surface pro 7 deal best buy february 23 2021

How to get Google Earth Pro for free

What is Wi-Fi Direct? Here’s everything you need to know

carnegie mellon help speech project female smartphone generic getty

17 Black inventors who changed the tech world

famous black inventors and their inventions jerry lawson channel f video game console

Apple is redesigning the iMac. Here’s what it must get right

apple refreshes imacs new graphics intel processors imac gets 2x more performance small business screen 03192019

5G vs. Wi-Fi: How they’re different and why you’ll need both

ASRock X10 IoT Router

The best Surface Pro cases and covers for 2021

best surface pro cases microsoft 6 review 3 2 1500x1000

Is 5G dangerous? We asked an expert

5G