New 0-days flaw affects Linux and Android

include flaw
include flaw

Last updated: July 3, 2022

A new zero-day flaw (CVE-2016-0728) has just been discovered in the Linux kernel which allows any user to have root access.

The exploit thus allows a simple user to take the privileges of a super user on a Linux machine by simply running a script.

According to a report released yesterday by security solutions provider Perception Point, "It affects all Android phones running KitKat (4.4) or higher."

Is my Gnu / Linux distribution affected?

All machines with a Linux 3.8 (or higher) kernel are vulnerable, including tens of millions of Linux PCs and servers, both 32 and 64-bit. By taking advantage of this vulnerability, attackers are able to delete files, access personal information, and install various programs.

How to know the version of the linux kernel?

To find out the version of the linux kernel of your distribution, type the following command in a console:

# uname -r

How to use this exploit?

Perception Point provided a technical analysis of the vulnerability and how it can be exploited, and also the proof of concept (PoC) of the exploitation code.

For my part, I tested this exploit successfully on a virtual machine that is running Kali Linux. Here is how I did it:

I downloaded the exploit first, then compiled it and ran it with the following commands:

# gcc cve_2016_0728.c -o cve_2016_0728 -lkeyutils -wall
#. / cve_2016_0728 PP1


How to protect yourself?

The Linux team has been notified and patches should be available shortly and will be installed via automatic updates.

So to protect yourself, remember to update the kernel and restart the machine for the changes to take effect.

To do this, type the following commands according to your linux distribution:

Debian or Ubuntu Linux:

#sudo apt-get update && sudo apt-get upgrade

RHEL/CentOS Linux:

#sudo yum update

In addition, I advise you never to install a compiler on linux servers (gcc, g ++, javac…).

Finally, the only fears would therefore be on the side of Android where it is recurrent to note that the manufacturers release the patches quite late. And for some older devices, they no longer deliver security updates. So the best is to change phone altogether.