There was a vulnerability released earlier this week that has quite the potential to be a biggie. It is worth noting mainly because Ubuntu is quite prevalent and the propensity to patch systems is quite low, or at least slow. Ubuntu is also used as part of the underlying infrastructure for many a VPS provider.
The issue was discovered by Philip Pettersson and the details can be found here --> http://seclists.org/oss-sec/2015/q2/717
What it boils down to is an issue in overlayfs and permissions checking.
The POC shows a number of things that can be done using this vulnerability.
The patch is out, so that should be the first choice. If you can't patch you may be able to blacklist the module on your system (modify /etc/modprobe.d/blacklist or /etc/modprobe.d/blacklist.conf) on your system.
POC: https://www.exploit-db.com/exploits/37292/ and 37293
Mark H - Shearwater
Jun 22nd 2015
4 years ago