Zero-day Vulnerability Database

Zero-day vulnerabilities discovered: 4

Privilege escalation in Linux kernel
CVE-2016-5195

Privilege escalation

The vulnerability allows a local user to obtain elevated privileges on the target system.
The weakness is due to a race condition in the kernel memory subsystem's management of copy-on-write operations on read-only memory mappings, which lets attackers overwrite kernel memory and gain kernel-level privileges.
Successful exploitation of the vulnerability results in gaining root privileges on the vulnerable system.

Note: the vulnerability was being actively exploited.

The vulnerability was discovered by security researcher Phil Oester and is called "DIRTY COW".
It is believed that the vulnerability was being exploited in the wild for quite some time.

Software: Linux kernel

Privilege escalation in Linux kernel
CVE-2016-0728

Use-after-free error

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to a use-after-free error in the join_session_keyring() function in security/keys/process_keys.c when handling keyring object reference counting by the Linux kernel's key management subsystem. A local attacker can overflow the usage field via a specially crafted object and execute arbitrary code with root privileges.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.

The critical Linux kernel flaw (CVE-2016-0728) has been identified by a group of researchers at a startup named Perception Point.
The vulnerability has existed since 2012, but was disclosed in January 2016.

Software: Linux kernel

Arbitrary code execution in Linux kernel
CVE-2012-2319

Buffer overflow

The vulnerability allows a local attacker to execute arbitrary code on the target system.

The weakness exists due to a buffer overflow in the HFS Plus filesystem driver. By using a specially crafted Hierarchical File System (HFS) filesystem, a local attacker can trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.

This is a zero-day according to Trustwave.

CVE-2012-2319 is a follow-up to CVE-2009-4020; issues in the HFS file system were detailed and patched on Dec. 3, 2009, but HFSPlus was left vulnerable until May 4, 2012.

Software: Linux kernel

Privilege escalation in Linux kernel
CVE-2010-3081

Privilege escalation

The vulnerability allows a local user to escalate privileges.

The vulnerability exists due to improper allocation of userspace memory required for the 32-bit compatibility layer within the compat_alloc_user_space() function in the include/asm/compat.h file on 64-bit platforms. A local user can call the compat_mc_getsockopt() function and gain control over the vulnerable system.

Successful exploitation of the vulnerability allows a local non-privileged user to gain root privileges.

Based on the sophisticated and fully functional exploits, this vulnerability was exploited in the wild for quite some time before the patch was issued.

Software: Linux kernel

Known/famous malware:

Linux/Exploit.CVE-2010-3081.B
