Ubuntu 16.04 LTS 0day priv escalation

[ll0rtagem]

https://twitter.com/vnik5287/status/974439706896187392 http://cyseclabs.com/exploits/upstream44.c

[vicaya]

To disable this class of exploits (bugs in unprivileged bpf) without installing a new kernel:

echo 1 | sudo tee /proc/sys/kernel/unprivileged_bpf_disabled

[laci27]

There should really be a law against this sort of thing. Security researchers are needed and they provide a valuable service to the world, but please don't get ahead of yourselfs. In recent months there were many instances where people just disclosed vulnerabilities without making sure there are fixed available. This is wrong and legally should be equivalent to hacking.

In the past, when vulnerabilities with no fixes were disclosed were after months and months of trying to contact the developers of said software and patch it... Nowadays it seems everyone is eager to ride their 15 minutes of fame...SAD :)

[ll0rtagem]

I think the fix is in the tweet. The bug is fixed in the staging kernel and it shows how to install it?

[lampington]

The problem is that it's a staging kernel, not a full release. I've not been able to get it to boot on m3.large AWS instances, though it seems to work on xlarge.

[bell0x07]

I agree that everybody needs to follow responsible disclosure practices.

I think you are confusing two terms, braking the law and hacking. While hacking can be braking the law, most often it is not. Not all hackers are criminals.

[ekvintroj]

This is from 2016 actually https://www.exploit-db.com/exploits/39772/

[ll0rtagem]

nah that's unrelated. the bug is not a memory corruption

[AstralStorm]

Another exploit against a kernel space firewall language interpreter.

Why is this even enabled in Ubuntu?

[compsciphd]

well, it definitely works on my own box.

[laci27]

To ALL security 'researchers' out there: PLEASE don't disclose 0day's before they where fixed by the project owners!