Linux vulnerability could give hackers root access

Linux has been one of the most secure operating systems for many years. Despite the fact that the popularity of the operation has been increasing, and that it was believed to be invulnerable to hackers, it has been repeatedly demonstrated that this is not the case. McAfee tells us that they have found 10 new vulnerabilities in the Linux kernel. But the worst of all this is that 4 of them could allow potential root access to the Linux file system.

Vulnerability in Linux could give hackers root access

As we are told by Softpedia, a group of McAfee VirusScan Enterprise researchers have found certain vulnerabilities in the Linux kernel (in the latest versions), which could allow an attacker to gain root privileges. And, therefore, full access to the machine.

Remote code execution occurs thanks to a simple vulnerability caused by update servers. These are somehow maliciously infected or replicated to make the infection possible and a hacker to add code.

Of the 10 vulnerabilities found by the McAfee team, only 4 of them have been significant enough to enable a breach of security in the Linux operating system. This is worrisome to a certain extent, since it makes things easier for hackers, and considering that more and more servers around the world are opting for this operating system, or derivatives, to manage their machines, we are not talking about few affected.

The first two vulnerabilities, listed as CVE-2016-8016 and CVE-2016-8017 ("Remote Unauthenticated File Existence Test" and "Remote Unauthenticated File Read with Constraints"), potentially allow hackers to compromise the privilege system and execute code malicious on the update servers of these Linux machines.

The script that allows obtaining the root privilege has been developed with the help of two other vulnerabilities, CVE-2016-8021 (“Web Interface Allows Arbitrary File Write to Known Location”) and CVE-2016-8020 (“Authenticated Remote Code Execution & Privilege Escalation ”), which help the hacker to raise enough privileges to take advantage of the first two vulnerabilities that we have discussed.

In the words of Andrew Fasano of the MIT Lincoln Laboratory, "using CRSF or XSS it is possible to use these vulnerabilities to gain root access remotely."