Massive Linux vulnerability discovered
- By Derek Major
- Jan 20, 2016
A zero-day vulnerability allowing Android or Linux applications to escalate privileges and gain root access has been discovered, raising concerns for a vast array of servers and mobile devices.
Any machine running Linux kernel 3.8 or higher is vulnerable, according to the report by security vendor Perception Point, which discovered the problem. In addition to Linux, the vulnerability affects 66 percent of all Android devices.
Using the vulnerability -- which has existed since 2012 -- an attacker can delete files, install programs and view private information. The Perception Point researchers said the Red Hat security team has been notified of the vulnerability and advised administrators to patch it as soon as possible. Red Hat said it will release documentation on a fix when it becomes available.
Linux PCs aren’t terribly common in the public sector, but the operating system powers the vast majority of today's web servers. And as CSO Online noted, Linux also is used in a wide range of embedded systems and Internet of Things devices.
The bug comes just after a batch of Android vulnerabilities was discovered and fixed by Google, including several kernel privilege escalation vulnerabilities. Five of the critical vulnerabilities patched were related to bugs in the kernel drivers or the kernel itself, CSO Online reported.
Derek Major is a former reporter for GCN.