Update Your Linux Server – Local Privilege Escalation Vulnerability

January 25, 2016

If you’re running a server or desktop with Linux Kernel 3.8 or higher, you and your website or application are vulnerable to a very serious 0-day local privilege escalation vulnerability. Millions of Linux systems around the world are vulnerable to compromise and must be patched. We at Cut All The Shit have already updated our main servers, but if you’re not on our managed services plan and have a VPS or Dedicated server, then you could be vulnerable!

What Damage Can the Linux Vulnerability Cause?

This bug (referred to as CVE-2016-0728) affects the keyrings facility in the kernel, which the kernel uses to cache security data, authentication keys, and other sensitive data. The bug is a leak in the way keyring references are handled; it can cause a memory leak and can be exploited in ways that harm your server and data. Read the full security advisory here.

What You Need to Do to Protect Yourself and Your Data

The List of Affected Linux Distros

To be fully protected, install all available patches for your server and then reboot your server.

If you are a managed services (VPS or dedicated) client, your kernel has already been patched.

Note: Before initiating this process, know that package upgrades may not go as planned. As such, please be sure to have any data backed up before performing system changes.

Step One:

The first step is to note your current kernel version:

$ uname -a
$ uname -mrs

This will identify your kernel version. For example:

Linux 3.13.0-74-generic x86_64

Step Two:

Once you’ve identified your current kernel, your next step is to apply the patch. The patch will differ depending upon your kernel version. Upon patching, you’ll need to reboot your server. Here are the steps you need to take.

If you’re running Debian or Ubuntu Linux:

$ sudo apt-get update && sudo apt-get upgrade

Then, reboot your server:

$ sudo reboot

If you’re on RHEL/CentOS Linux:

$ sudo yum update
$ sudo reboot

If you’re on SUSE Linux Enterprise or openSUSE and want to apply all needed patches:

# zypper patch
# reboot

Alternatively, here is version-specific info for SUSE Linux Enterprise or openSUSE:

SUSE Linux Enterprise Workstation Extension 12-SP1

# zypper in -t patch SUSE-SLE-WE-12-SP1-2016-124=1

SUSE Linux Enterprise Software Development Kit 12-SP1

# zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-124=1

SUSE Linux Enterprise Server 12-SP1

# zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-124=1

SUSE Linux Enterprise Module for Public Cloud 12

# zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-124=1

SUSE Linux Enterprise Live Patching 12

# zypper in -t patch SUSE-SLE-Live-Patching-12-2016-124=1

SUSE Linux Enterprise Desktop 12-SP1

# zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-124=1

To bring your system up-to-date, run:

# zypper patch && reboot

Step Three:

To ensure that your version number changed and your server has been patched, run:

$ uname -a
$ uname -r
$ uname -mrs

These commands confirm the version of the kernel your system is running. The following kernel versions contain the fix:

  • Ubuntu Linux 14.04 LTS : 3.13.0-76 (package version 3.13.0-76.120)
  • Debian Linux 8.x : 3.16.0-4 (package version 3.16.7-ckt20-1+deb8u3)
  • SUSE Linux Enterprise Server 12 SP1 : 3.12.51-60.25.1
  • RHEL 7 : 3.10.0-327.4.4.el7.x86_64
  • CentOS 7 : Same as RHEL 7
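As an added example (not part of the original article), the shell functions below compare the running kernel against the Ubuntu 14.04, Debian 8 and RHEL/CentOS 7 versions in the list above. On Debian, `uname -r` stays at 3.16.0-4 across updates, so the package version is read from `uname -v` instead; the function names and the digits-only comparison are assumptions of this example.

```shell
#!/bin/sh
# Added example: is the RUNNING kernel at or above the fixed version listed above?
# A patched package that has not been booted yet still reports the old version.

# ver_ge A B: succeed if A >= B, comparing only the runs of digits, left to right.
# Assumption: missing fields count as 0 (this is not a full dpkg/rpm comparison).
ver_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, /[^0-9]+/); nb = split(b, y, /[^0-9]+/)
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# kernel_patched ID RELEASE VERSION
#   ID      : ID field from /etc/os-release (ubuntu, debian, rhel, centos)
#   RELEASE : output of `uname -r`
#   VERSION : output of `uname -v`
# Returns 0 = at or above the listed fix, 1 = below it, 2 = not covered here.
kernel_patched() {
    case "$1" in
        ubuntu)      run=$2;         series=3.13.0-; fixed=3.13.0-76 ;;
        rhel|centos) run=${2%%.el*}; series=3.10.0-; fixed=3.10.0-327.4.4 ;;
        debian)      # the package version is embedded in `uname -v`
                     run=$(printf '%s\n' "$3" | sed -n 's/.*Debian \([^ ]*\).*/\1/p')
                     series=3.16.;   fixed=3.16.7-ckt20-1+deb8u3 ;;
        *)           return 2 ;;
    esac
    # Only judge kernels from the same series as the listed fixed version.
    case "$run" in
        "$series"*) ver_ge "$run" "$fixed" ;;
        *)          return 2 ;;
    esac
}

# Usage on a live system:
#   . /etc/os-release; kernel_patched "$ID" "$(uname -r)" "$(uname -v)"; echo $?
```

A result of 2 means the distribution or kernel series is not one of the entries handled here, so check the vendor advisory for that system instead.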

If you have any questions about the vulnerability or how to patch your server, don’t hesitate to contact Cut All The Shit support. We are always at your service.