ANOTHER LINUX ZERO DAY
You are currently reading a thread in /g/ - Technology

Thread replies: 52
Thread images: 4
CVE-2016-0728

Linux bug imperils tens of millions of PCs, servers, and Android phones
Vulnerability allows restricted users and apps to gain unfettered root access.

For almost three years, millions of servers and smaller devices running Linux have been vulnerable to attacks that allow an unprivileged app or user to gain nearly unfettered root access. Major Linux distributors are expected to fix the privilege escalation bug this week, but the difficulty of releasing updates for Android handsets and embedded devices means many people may remain susceptible for months or years.

The flaw, which was introduced into the Linux kernel in version 3.8 released in early 2013, resides in the OS keyring. The facility allows apps to store encryption keys, authentication tokens, and other sensitive security data inside the kernel while remaining in a form that can't be accessed by other apps.

http://arstechnica.com/security/2016/01/linux-bug-imperils-tens-of-millions-of-pcs-servers-and-android-phones/
>>
>>52521384
>kernel.org

please read out loud what version is the current stable
>>
>muh security meme

The Perception Point Research team has identified a 0-day local privilege escalation vulnerability in the Linux kernel. While the vulnerability has existed since 2012, our team discovered the vulnerability only recently, disclosed the details to the Kernel security team, and later developed a proof-of-concept exploit. As of the date of disclosure, this vulnerability has implications for approximately tens of millions of Linux PCs and servers, and 66 percent of all Android devices (phones/tablets). While neither us nor the Kernel security team have observed any exploit targeting this vulnerability in the wild, we recommend that security teams examine potentially affected devices and implement patches as soon as possible.

http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/
>>
>>52521408

>current stable

You lack reading comprehension.

>introduced into the Linux kernel in version 3.8

IT'S STILL THERE!!!!!
>>
>implying i let the kernel handle the keyring
shills, everybody
>>
>Another one
>>
>>52521442
What do you use?

If it's RSA, you're even more fucked.
>>
> Linux zero-day found
> LINUXFAGS BTFO
> Implying Windows and OSX don't have dozens of holes that we will never know about because it's all closed source

That's like saying that the athletic, fit guy is "unhealthy" because he came down with a flu and then fought it off while you cram KFC and shit down your throat and sit around watching TV all day with no regards for what you're doing to your body.

In all likelihood, your body is significantly less healthy than his even when he had the flu, and you're a hell of a lot more vulnerable.
>>
>>52521384
kek
where's your security now, freetards?
windows masterrace
>>
>>52521724
didn't Windows have a vulnerability where one could gain admin access by having the user open a .doc file?

But hey, sure, Windows is great. I love my botnet OS.
>>
>>52521384
Wrong board, dumb frogposter. If you can't trouble yourself to post a /g/-related image, then don't bother at all. Go meme your ebin well-meme'd memes on /b/ where that garbage belongs.
>>
>>52521817
>/g/-related image
>>
I just tried running the exploit to see if I was vulnerable
It just sits there using 100% CPU
./test foo
uid=1000, euid=1000
Increfing...
>>
Linux truly is a piece of shit OS for losers, I knew it was just as insecure as everything else added with extra hassle.
>>
>>52521384
>difficulty of releasing updates for Android handsets
>many people may remain susceptible for months or years.
>>
>>52521980
Windows and osx are orders of magnitude less secure than Linux
Enjoy your viruses
>>
>>52521980
>using a computer is a hassle
>>
Maybe that's a good thing. I may now have a chance of installing root and busybox on my 3.10 locked down Xperia phone.
>>
>>52522026
Linux is useless. How is that basement treating you? There are people who have work to do. Linux security is a meme and there's nothing to be afraid of since you can't do anything important with linux, so there isn't anything worth stealing.
>>
>>52521384
>Linux bug imperils tens of millions of PCs, servers, and Android phones
>leenox
>millions of PCS
pffhaha

>Vulnerability allows restricted users and apps
>apps
>Leenox
pffhaha
>>
>>52522094
>>millions of PCS
>pffhaha

Servers
>>
>>52522090
I love this linux is bad meme.
>>
>>52521948
the full exploit which takes about 30 minutes to run on Intel Core i7-5500 CPU
>>
>>52522094
There are billions of Android phones out there.
>>
>>52522090
I love how it can simultaneously be the case that linux security vulnerabilities are a big deal and that no-one uses linux for anything important.

One or the other, retard, not both.
>>
>>52522090
>Linux is useless.
Tell that to all the android phones, embedded devices, servers and workstations running it
>How is that basement treating you?
Nice projecting
>There are people who have work to do.
People do work on all kinds of systems
>Linux security is a meme and there's nothing to be afraid of since you can't do anything important with linux, so there isn't anything worth stealing.
Last time I checked, only madmen ran webservers with anything other than linux
>>
Meanwhile, zero days on Wang blows are never publicized. Just quietly patched, and the turd at Microsoft who found it gets a pat on the back.

Unless google finds it first.
>>
>B-but it's free so it doesn't matter because it will get fixed soon
>Meanwhile billions of Android devices are never EVER going to get an update

Kek, the only security difference between Android and the other mobile OS is that you can be certain that your device is riddled with security holes, not only suspect it.
>>
>>52522160
Wamp users make me cry
>>
>>52521384
>kernel vulnerability
This is why we need GNU Hurd to develop faster or some other alternative to this hideous blob of kernel created by a freedom hating fag.

Let's face it, his kernel is open source only to get people to work for him for free, he hates free software.
>>
[39235.755340] PAX: refcount overflow detected in: test:15514, uid/euid: 1000/1000

Based PAX
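
The "refcount overflow" in the PaX message above, as an added example that is not part of the thread and is neither the posted test program nor PaX's code. It is a user-space toy model (every name in it is made up for illustration) of a 32-bit reference counter that a leaking code path wraps to zero, next to a checked increment that refuses to wrap.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Toy stand-in for a reference-counted kernel object (constructed for this example). */
struct object {
    uint32_t usage;   /* number of holders; the object is released at zero */
    bool     freed;
};

/* Unchecked get: unsigned arithmetic wraps 0xffffffff -> 0 with no signal. */
static bool get_unchecked(struct object *o) { o->usage++; return true; }

/* Checked get: refuse to step past the maximum so the caller can report it. */
static bool get_checked(struct object *o)
{
    if (o->usage == UINT32_MAX)
        return false;
    o->usage++;
    return true;
}

static void put(struct object *o)
{
    if (--o->usage == 0)
        o->freed = true;
}

/* One holder keeps a pointer to the object throughout. A buggy path takes
 * `leaks` references it never releases, then one balanced get/put follows.
 * Returns true if the object was freed while the holder still points at it. */
static bool freed_under_holder(uint32_t start, uint64_t leaks, bool checked)
{
    struct object o = { .usage = start, .freed = false };
    bool (*get)(struct object *) = checked ? get_checked : get_unchecked;

    for (uint64_t i = 0; i < leaks; i++)
        (void)get(&o);           /* leaked: no matching put() */
    if (get(&o))                 /* ordinary, balanced user */
        put(&o);
    return o.freed;
}

int main(void)
{
    /* Start 3 below the wrap point so the run is instant; from 1 it takes 2^32 - 1 leaks. */
    printf("unchecked freed=%d, checked freed=%d\n",
           freed_under_holder(UINT32_MAX - 2, 3, false),
           freed_under_holder(UINT32_MAX - 2, 3, true));
    return 0;
}
```

Starting from a count of 1, the leak loop needs 2^32 - 1 iterations before the counter reaches zero, which is the kind of long CPU-bound loop the posts in this thread describe.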
>>
>>52521384
How could this last 3 years? I thought there were thousands of people looking over the source code every day?
>>
>>52521384
>OS keyring

this is why monolithic kernels are bad and why Stallman and Tanenbaum were right

fuck Monolithic shitters.
>>
>>52522221
>Hurd

They've had thirty years to develop it, nigga. Ain't happening.
>>
>>52522314
guaranteed replies
>>
>>52522384
There are other options like gnu / kfreebsd (Debian distro) using the FreeBSD kernel.

idk think outside the box. A suitable Linux replacement is obviously going to take many years of work.
>>
>>52522314
Some things slip through the cracks
The more paranoid would say otherwise
>>
>>52521724
Where is yours winfags?
https://www.exploit-db.com/platform/?p=windows
>>
>>52521384
Windows has the same "issue" for 10+ years now
>>
>>52521384
Oh my god these /v/ spills literally learnt the term "zero-day"
>>
Lincucks
>>
>>52524020
>muh /v/ boogeyman
Kill yourself lincuck degenerate
>>
>b-b-b-b---b-b-b-b-b-b-b-b-b--but
-dae le lincucks user
>>
>>52521753
In just a minute it is easy to find a privilege escalation bug for all Windows.

http://foxglovesecurity.com/2016/01/16/hot-potato/

(The one posted by OP doesn't work if something like SELinux is present)

But on Windows these are not even news.
>>
>>52521384
Not a problem if you have SELinux or AppArmor.
>>
>>52526194
underrated post
>>
>I don't care that the OS I'm using is total shit, barely holding together with more security holes than anything else

t. stupid linuxposter
>>
>>52526961
>security holes
such as? don't say this or u lose. or bash bug. both are patched
>>
root for verizon note 4 when
>>
>>52526759
>SELinux
>using NSA botnet
>ever
>>
>>52521872
I shit you not, I'm Australian and this image took at least 20 seconds to fully load.
>>
Gunjuu slesh loonuckz

Secure that which means the most to you:

Nothing.
You fat weeb fuck.
This is a 4chan archive - all of the content originated from them. If you need IP information for a Poster - you need to contact them. This website shows only archived content.