Analysis and Exploitation of a Linux Kernel Vulnerability

[KilUma]

Reference 1: http://perception-point.io/2016/01/14/a ... 2016-0728/
Reference 2: http://arstechnica.com/security/2016/01 ... id-phones/
Reference 3: https://plus.google.com/+AdrianLudwig/posts/KxHcLPgSPoY

Recently, security firm Perception Point discovered a vulnerability introduced in Linux Kernel version 3.8, dubbed CVE-2016-0728.

The flaw, which was introduced into the Linux kernel in version 3.8 released in early 2013, resides in the OS keyring. The facility allows apps to store encryption keys, authentication tokens, and other sensitive security data inside the kernel while remaining in a form that can't be accessed by other apps. According to a blog post published Tuesday, researchers from security firm Perception Point discovered and privately reported the bug to Linux kernel maintainers. To demonstrate the risk the bug posed, the researchers also developed a proof-of-concept exploit that replaces a keyring object stored in memory with code that's executed by the kernel.

Be on the lookout for a patch in the near future.

[jimallyn]

Be on the lookout for a patch in the near future.

Seems like I read somewhere that the 3.13.0-76 kernel has been patched for that, but I can't seem to find it at the moment.

[KilUma]

If you find it, please post it here: http://forums.linuxmint.com/viewtopic.p ... 6&t=214675

I am waiting on the mods to delete/move this post to the above post. I searched for the vulnerability, but didn't find it posted until AFTER I created this post. Cheers.

[karlchen]

Seems like I read somewhere that the 3.13.0-76 kernel has been patched for that, but I can't seem to find it at the moment.

<irony>
Must be sold out. So very likely I was lucky to receive and install kernel 3.13.0-76(120) on my 2 Mint 17.1 and Mint 17.2 systems on January 19th and 20th.
</irony>
And yes, kernel 3.13.0-76(120) brings along the patch for vulnerbility CVE-2016-0728.