A new 0-day vulnerability has been discovered in a three-year-old part of the Linux kernel that is used by millions of servers, computers and Android devices worldwide. The privilege escalation bug allows an attacker to gain root access via a malicious application, without alerting legitimate users.
Leading Linux distributions will release a critical update for CVE-2016-0728 this week, but since updating the many different Android-based systems is not that easy, millions of users will remain vulnerable for an unknown period.
The vulnerability, discovered by Perception Point, was first introduced in version 3.8 of the Linux kernel back in 2012. The company disclosed the details to the kernel security team and later developed a proof-of-concept exploit.
The flaw is caused by a reference leak in the keyrings facility, which caches user security data such as encryption and authentication keys. The problem is that applications can create and manage keyring objects and use them for any purpose, which allows a malicious application to take full control over authentication and encryption keys.
Even though the bug itself can directly cause a memory leak, it has far more serious consequences. After a quick examination of the relevant code flow, we found that the usage field used to store the reference count for the object is of type atomic_t, which, under the hood, is basically an int – meaning 32-bit on both 32-bit and 64-bit architectures. While every integer is theoretically possible to overflow, this particular observation makes practical exploitation of this bug as a way to overflow the reference count seem feasible. And it turns out no checks are performed to prevent overflowing the usage field from wrapping around to 0.
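To make the mechanism above concrete, here is an added, constructed C model (not the kernel's code and not Perception Point's) of an unchecked 32-bit reference count wrapping to zero, beside a checked counter that saturates instead of wrapping; starting the counter near its limit stands in for the billions of increments the real bug needs.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model, not kernel code: the reference count is a 32-bit
 * counter. uint32_t is used so the wrap is well-defined in plain C. */
struct obj { uint32_t usage; };

#define REFCOUNT_SATURATED 0xFFFFFFFFu

/* Unchecked get: mirrors the missing overflow check described above.
 * After 2^32 gets the count is back at 0. */
uint32_t unchecked_get(struct obj *o) { return ++o->usage; }

/* Unchecked put: returns true when the object would be freed. If the
 * count has wrapped, this frees an object that is still in use. */
bool unchecked_put(struct obj *o) { return --o->usage == 0; }

/* Checked get: refuses to go past the saturation value and reports
 * failure, so the count can never wrap back to 0. */
bool checked_get(struct obj *o)
{
    if (o->usage == REFCOUNT_SATURATED) return false;
    o->usage++;
    return true;
}

/* Checked put: a saturated object is deliberately leaked, never freed. */
bool checked_put(struct obj *o)
{
    if (o->usage == REFCOUNT_SATURATED) return false;
    return --o->usage == 0;
}

/* Drive a counter from `start` through `n` gets and return the final value. */
uint32_t drive_unchecked(uint32_t start, uint32_t n)
{
    struct obj o = { start };
    while (n--) unchecked_get(&o);
    return o.usage;
}

uint32_t drive_checked(uint32_t start, uint32_t n)
{
    struct obj o = { start };
    while (n--) checked_get(&o);
    return o.usage;
}

int main(void)
{
    uint32_t wrapped = drive_unchecked(0xFFFFFFFEu, 2);
    uint32_t held    = drive_checked(0xFFFFFFFEu, 2);
    printf("unchecked: 0xFFFFFFFE + 2 gets -> %u (wrapped to zero)\n", wrapped);
    printf("checked:   0xFFFFFFFE + 2 gets -> 0x%X (saturated, no wrap)\n", held);
    struct obj o = { wrapped + 1 };  /* one legitimate holder left after the wrap */
    printf("unchecked put frees the object: %s\n", unchecked_put(&o) ? "yes" : "no");
    return 0;
}
```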
As of now, this vulnerability has not been exploited in the wild; however, after this disclosure many cyber criminals will want to try their hand at the bug.
Thanks to new vulnerability discoveries and the growing sophistication of cyber criminals, many attackers have switched from exploiting Microsoft Windows to testing their skills against Linux, Mac and Android.