1. Computing

A serious Linux privilege-escalation bug has been in the wild for nine years

By

best linux distros
Spectral-Design/Shutterstock
There’s a Linux vulnerability in the wild that’s apparently been residing in just about every Linux version for the last nine years, and Linux users will want to install a patch as soon as possible.

The exploit is titled CVE-2016-5195, and it’s a privilege-escalation bug as opposed to a code-execution vulnerability, as Ars Technica reports. That makes it theoretically less serious, but nevertheless, researchers aren’t taking it lightly. In part, it’s considered a serious threat because it resides in a Linux kernel section that’s used by almost all Linux distributions. And the bug is apparently being actively used by malicious parties in the real world.

According to Dan Rosenberg, senior researcher at Azimuth Security, “It’s probably the most serious Linux local privilege escalation ever. The nature of the vulnerability lends itself to extremely reliable exploitation. This vulnerability has been present for nine years, which is an extremely long period of time.” As of right now, Linux distributions are in various stages of receiving patches, after an official patch was developed by the official Linux kernel maintainers.

The exploit in question is one that can allow an attacker to gain greater levels of control over a targeted machine. For example, a user with otherwise limited access to a web-hosting provider’s server can use the exploit to gain deeper shell access, and then leverage that access to attack other users of the server or even server admins. Privilege-escalation vulnerabilities can also be combined with other exploits, such as SQL injection bugs, to run malicious code that they would normally be unable to execute.

Linux developer Phil Oester was the first to discover the bug, as indicated on a site that provides more information on the exploit. For now, you’ll want to check in with the maintainers of your particular Linux distribution and see if a patch is available. If it is, then you’ll want to apply it immediately to avoid seeing your Linux system suffer an attack.

Editors' Recommendations

Update Google Chrome now to patch this critical security flaw

A MacBook with Google Chrome loaded.

PrintNightmare isn’t over, as Windows is hit with another printing vulnerability

HiveNightmare is a nasty new Windows bug. Here’s how to protect yourself

Windows 11 on a tablet.

Apple’s M1 chip has a flaw, but you shouldn’t worry

Coding on a MacBook

With Tesla bleeding money, Elon Musk initiates hardcore spending review

Tesla Model Y front

Deathloop PC system requirements: Can your PC play Deathloop?

Colt kicks an enemy in Deathloop.

How much storage do you need on your new iPhone 13? Here’s how to decide

iPhone 13 Pro colors.

The best streaming devices for 2021

Chromecast with Google TV

The best gaming speakers for 2021

A Logitech speaker sitting beside a desktop computer.

The best robot vacuums for 2021

The iRobot Roomba s9 cleaning.

Succession season 3 trailer suggests an all-out family war

succession season 3 trailer

Best cheap gaming PC deals for September 2021

best graphics card for gaming origin neuron desktop review lifestyle behind shoulder

The unfortunate part about connected fitness equipment for the home

best home gym equipment cycle 3 970x647 c 1