
Linux: critical bug discovered after being present for 9 years

A bug that allows privilege escalation was recently discovered in Linux, but it has been present for nine years. The official patch has been released.

Almost all Linux distributions have been vulnerable to a critical bug for the last nine years, and installing a fix is strongly recommended. The vulnerability is identified as CVE-2016-5195, a bug that allows privilege escalation within the operating system. Its severity is lower than that of vulnerabilities that allow remote code execution, but the bug has been marked as critical, and it should not be taken lightly.

This is mainly because it resides in a part of the Linux kernel used by most distributions, and above all because the exploit has been actively used by various attackers over time. According to Dan Rosenberg, a researcher at Azimuth Security: "It is probably the biggest local privilege escalation event in Linux ever. The vulnerability has been present for nine years, a very long time in these circumstances."

At the time of this writing, most Linux distributions are at various stages of deploying patches, after a generic patch was officially released. The exploit in question may allow a malicious user to obtain higher levels of control over a specific system. For example, a restricted user on a web-hosting server can use the exploit to gain access to the main shell and deeper.

From there, the attacker can attack the other users of the server or even its administrators. Privilege escalation vulnerabilities can also be combined with other exploits, such as an SQL injection bug, to run malicious code that could not be run without higher permissions.

The Linux developer Phil Oester was the first to discover the vulnerability, which was then covered extensively by the technology site Ars Technica.