A serious Linux privilege-escalation bug has been in the wild for nine years

best linux distros
Spectral-Design/Shutterstock
There’s a Linux vulnerability in the wild that’s apparently been residing in just about every Linux version for the last nine years, and Linux users will want to install a patch as soon as possible.

The exploit is titled CVE-2016-5195, and it’s a privilege-escalation bug as opposed to a code-execution vulnerability, as Ars Technica reports. That makes it theoretically less serious, but nevertheless, researchers aren’t taking it lightly. In part, it’s considered a serious threat because it resides in a Linux kernel section that’s used by almost all Linux distributions. And the bug is apparently being actively used by malicious parties in the real world.

According to Dan Rosenberg, senior researcher at Azimuth Security, “It’s probably the most serious Linux local privilege escalation ever. The nature of the vulnerability lends itself to extremely reliable exploitation. This vulnerability has been present for nine years, which is an extremely long period of time.” As of right now, Linux distributions are in various stages of receiving patches, after an official patch was developed by the official Linux kernel maintainers.

The exploit in question is one that can allow an attacker to gain greater levels of control over a targeted machine. For example, a user with otherwise limited access to a web-hosting provider’s server can use the exploit to gain deeper shell access, and then leverage that access to attack other users of the server or even server admins. Privilege-escalation vulnerabilities can also be combined with other exploits, such as SQL injection bugs, to run malicious code that they would normally be unable to execute.

Linux developer Phil Oester was the first to discover the bug, as indicated on a site that provides more information on the exploit. For now, you’ll want to check in with the maintainers of your particular Linux distribution and see if a patch is available. If it is, then you’ll want to apply it immediately to avoid seeing your Linux system suffer an attack.

Computing

Russian hackers behind ‘world’s most murderous malware’ probing U.S. power grid

A hacking group linked to the Russian government has attempted to breach the U.S. power grid. Security experts tracked the hackers, and warn that they were probing the grid for weaknesses.
Movies & TV

Skip the sunshine this summer and watch the best shows on Hulu

It's often overwhelming to navigate Hulu's robust library of TV shows. To help, we put together a list of the best shows on Hulu, whether you're into frenetic cartoons, intelligent dramas, or anything in between.
Movies & TV

Who needs sunshine? Stay inside and watch the best movies on Netflix instead

Save yourself from hours wasted scrolling through Netflix's massive library by checking out our picks for the streamer's best movies available right now, whether you're into explosive action, witty humor, or anything else.
Movies & TV

The best shows on Netflix right now (June 2019)

Looking for a new show to binge? Lucky for you, we've curated a list of the best shows on Netflix, whether you're a fan of outlandish anime, dramatic period pieces, or shows that leave you questioning what lies beyond.
Small Business

The 15 best tech jobs boast top salaries, high satisfaction, lots of openings

May may be coming to an end, but the bonanza of tech jobs just keeps coming. High-paying jobs abound at companies where people love to work. If you’re ready to make a change, this is a great time to look for something more fulfilling…
Computing

Air, Pro, or just a MacBook? Here's our guide to finding the right Apple laptop

Apple's lineup of MacBooks has started to swell, leaving fans a bit confused about which laptop they should buy. Depending on what you're looking for, we'll point you in the right direction.
Emerging Tech

Awesome Tech You Can’t Buy Yet: Plant-based shoes and a ukulele learning aid

Check out our roundup of the best new crowdfunding projects and product announcements that hit the web this week. You may not be able to buy this stuff yet, but it sure is fun to gawk!
Computing

15-inch laptops come with extra power, but which of these wields it better?

HP's latest "gem-cut" Spectre x360 15 adds powerful components to make it the fastest 2-in-1 we've ever tested. Can it take on the equally fast and incredibly svelte Dell XPS 15?
Emerging Tech

Facebook builds virtual homes to train A.I. agents in realistic environments

Researchers at Facebook have created Habitat, which is a platform that enables rapid training for A.I. agents. They will receive thousands of hours of training in just a few minutes in the virtual homes.
Computing

Make your games sound amazing with one of these sets of awesome gaming speakers

If you want to take your gaming sound to the next level, you need to find the best gaming speakers for your set up. Whether you're on a tight budget, want some fancy RGB lighting, or just need the best speaker set money can buy, these great…
Computing

I bought a four-year-old MacBook Pro instead of a new one. Here’s why

The new MacBook Pros have a ton of advantages over the older options, but when it came to buying a replacement machine for myself, I found myself returning to 2015 rather than picking up Apple's latest and greatest.
Computing

Why OLED gaming monitors may be further from reality than we thought

Earlier this year, Dell showed us the promise of an exciting new future for gaming monitors with the reveal of the Alienware 55-inch OLED gaming display. We loved it. But according to new reports, it may never see the light of day.
Deals

Walmart cuts $300 off Dell Inspiron 5680 gaming desktop for gamers on a budget

If you're stashing money but want an upgradeable rig that will go a long way, then this solid deal on the Dell Inspiron Gaming Desktop 5680 with Intel Core i5-8400 is for you. It is now available for only $700 at Walmart.
Computing

Genius uses 19th-century tech to prove Google copied its song lyrics

Song lyrics website Genius says that it proved that Google has been copying its lyrics and posting them on its own search results page. And Genius says it was able to do it by using a decidedly old-school form communications tech.