Zero-day vulnerabilities discovered: 4
Privilege escalation
The vulnerability allows a local user to obtain elevated privileges on the target system. The vulnerability was discovered by security researcher Phil Oester and is called "DIRTY COW".
It is believed that the vulnerability was being exploited in the wild for quite some time.
Software: Linux kernel
Links:
https://cdn.kernel.org/pub/linux/kernel/v4.x/testing/linux-4.9-rc2.tar.xz
https://dirtycow.ninja/
https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05352241
https://en.wikipedia.org/wiki/Dirty_COW
http://unix.stackexchange.com/questions/317981/dirty-cow-exploit-cve-2016-5195/318046
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
http://www.techinformant.in/dirty-cow-cve-2016-5195-vulnerability/
http://thehackernews.com/2016/10/linux-kernel-exploit.html
http://news.softpedia.com/news/linux-kernel-zero-day-cve-2016-5195-patched-after-being-deployed-in-l...
http://securityaffairs.co/wordpress/52521/hacking/dirty-cow-exploit.html
http://www.informationsecuritybuzz.com/expert-comments/dirty-cow-linux-vulnerability/
Use-after-free error
The vulnerability allows a local attacker to gain elevated privileges on the target system. The critical Linux kernel flaw (CVE-2016-0728) was identified by a group of researchers at a startup named Perception Point.
The vulnerability has existed since 2012, but was disclosed in January 2016.
Software: Linux kernel
Links:
http://thehackernews.com/2016/01/linux-kernel-hacker.html
http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-...
https://www.cyberciti.biz/faq/linux-cve-2016-0728-0-day-local-privilege-escalation-vulnerability-fix...
http://williamdurand.fr/2016/01/21/patching-linux-kernel-raspbian/
http://securityaffairs.co/wordpress/43758/hacking/linux-kernel-vulnerability-fixed.html
http://www.pcworld.com/article/3023870/security/linux-kernel-flaw-endangers-millions-of-pcs-servers-...
https://syslint.com/blog/tutorial/new-linux-kernel-zero-day-exploit-vulnerability-cve-2016-0728/
https://l3net.wordpress.com/2016/01/20/firejail-target-practice-cve-2016-0728/
https://threatpost.com/serious-linux-kernel-vulnerability-patched/115923/
http://www.securityweek.com/linux-kernel-flaw-puts-millions-devices-risk
Buffer overflow
The vulnerability allows a local attacker to execute arbitrary code on the target system. This is a zero-day according to Trustwave.
CVE-2012-2319 is a follow-up to CVE-2009-4020; issues in the HFS file system were detailed and patched on Dec. 3, 2009, but HFSPlus was left vulnerable until May 4, 2012.
Software: Linux kernel
Links:
http://www.zdnet.com/article/linux-trailed-windows-in-patching-zero-days-in-2012-report-says/
https://www.trustwave.com/Resources/Library/Documents/2013-Trustwave-Global-Security-Report/?dl=1
https://lwn.net/Articles/538898/
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6f24f892871acc47b40dd594c6...
Privilege escalation
The vulnerability allows a local user to escalate privileges. The vulnerability exists due to improper allocation of userspace memory required for the 32-bit compatibility layer within the compat_alloc_user_space() function in the include/asm/compat.h file on 64-bit platforms. A local user can call the compat_mc_getsockopt() function and gain control over the vulnerable system.
Successful exploitation of the vulnerability allows a local non-privileged user to gain root privileges.
Judging by the sophisticated and fully functional exploits, this vulnerability was exploited in the wild for quite some time before the patch was issued.
Software: Linux kernel
Known/famous malware:
Linux/Exploit.CVE-2010-3081.B
Links:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c41d68a513c71e35a14f66d717...
https://access.redhat.com/articles/40258
https://blogs.oracle.com/ksplice/entry/anatomy_of_an_exploit_cve
http://ryanuber.com/09-25-2010/cve-2010-3081.html
https://blog.nelhage.com/2010/11/exploiting-cve-2010-3081/
http://www.thushanfernando.com/index.php/2010/09/20/cve-2010-3081-64bit-linux-kernel-root-exploit/
https://people.canonical.com/~ubuntu-security/cve/2010/CVE-2010-3081.html
https://www.dshield.org/diary/CVE-2010-3081%2Bkernel%3A%2B64-bit%2BCompatibility%2BMode%2BStack%2BPo...
http://www.kdawebservices.com/blog/2010/09/linux-vulnerability-cve-2010-3081-local-but-serious//cve20103081_see_whether_youve_been_hacked_and/
https://xorl.wordpress.com/2010/10/06/cve-2010-3081-cve-2010-3301-linux-kernel-compat-privilege-esca...
http://www.thehostingnews.com/ksplice-launches-free-security-tool-for-high-profile-cve-2010-3081-lin...
https://www.mnxsolutions.com/security/ksplice-provides-patch-for-linux-kernel-exploit-cve-2010-3081....
http://www.pcworld.com/article/205867/linux_kernel_exploit_gives_hackers_a_back_door.html
https://linux.slashdot.org/story/10/09/20/0217204/linux-kernel-exploit-busily-rooting-64-bit-machine...