Zero-day Vulnerability Database
Zero-day vulnerabilities discovered: 2
Privilege escalation in Linux kernel
CVE-2016-5195
Privilege escalation
The vulnerability allows a local user to obtain elevated privileges on the target system.The weakness is due to race condition in the kernel memory subsystem in the management of copy-on-write operations on read-only memory mappings that lets attackers to overwrite kernel memory and gain kernel-level privileges.
Successful exploitation of the vulnerability results in gaining of root privileges on the vulnerable system.
Note: the vulnerability was being actively exploited.
The vulnerability was discovered by security researcher Phil Oester and is called "DIRTY COW".
It is believed that the vulnerability was being exploited in the wild for quite some time.
Software: Linux kernel
It is believed that the vulnerability was being exploited in the wild for quite some time.
Links:
https://cdn.kernel.org/pub/linux/kernel/v4.x/testing/linux-4.9-rc2.tar.xz
https://dirtycow.ninja/
https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05352241
https://en.wikipedia.org/wiki/Dirty_COW
http://unix.stackexchange.com/questions/317981/dirty-cow-exploit-cve-2016-5195/318046
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
http://www.techinformant.in/dirty-cow-cve-2016-5195-vulnerability/
http://thehackernews.com/2016/10/linux-kernel-exploit.html
http://news.softpedia.com/news/linux-kernel-zero-day-cve-2016-5195-patched-after-being-deployed-in-l...
http://securityaffairs.co/wordpress/52521/hacking/dirty-cow-exploit.html
http://www.informationsecuritybuzz.com/expert-comments/dirty-cow-linux-vulnerability/
Privilege escalation in Linux kernel
CVE-2016-0728
Use-after-free error
The vulnerability allows a local attacker to gain elevated privileges on the target system.The weakness exists due to use-after-free error in the join_session_keyring() function in security/keys/process_keys.c when handling keyring object reference counting by Linux kernel's key management subsystem. A local attacker can overflow the usage field via a specially crafted object and execute arbitrary code with root privileges.
Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
The critical Linux kernel flaw (CVE-2016-0728) has been identified by a group of researchers at a startup named Perception Point.
The vulnerability has existed since 2012, but was disclosed in January, 2016.
Software: Linux kernel
The vulnerability has existed since 2012, but was disclosed in January, 2016.
Links:
http://thehackernews.com/2016/01/linux-kernel-hacker.html
http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-...
https://www.cyberciti.biz/faq/linux-cve-2016-0728-0-day-local-privilege-escalation-vulnerability-fix...
http://williamdurand.fr/2016/01/21/patching-linux-kernel-raspbian/
http://securityaffairs.co/wordpress/43758/hacking/linux-kernel-vulnerability-fixed.html
http://www.pcworld.com/article/3023870/security/linux-kernel-flaw-endangers-millions-of-pcs-servers-...
https://syslint.com/blog/tutorial/new-linux-kernel-zero-day-exploit-vulnerability-cve-2016-0728/
https://l3net.wordpress.com/2016/01/20/firejail-target-practice-cve-2016-0728/
https://threatpost.com/serious-linux-kernel-vulnerability-patched/115923/
http://www.securityweek.com/linux-kernel-flaw-puts-millions-devices-risk