IBM Support

Security Bulletin: Linux kernel privesc Dirty COW vulnerability affects Tivoli Business Service Manager (CVE-2016-5195)

Created by Wei Li on
Published URL: https://www.ibm.com/support/pages/node/288457

Security Bulletin

Summary

A privilege-escalation vulnerability in the Linux kernel (Dirty COW) affects Tivoli Business Service Manager (TBSM) on the Linux platform.

Vulnerability Details

CVEID: CVE-2016-5195
Description: Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by a race condition when handling the copy-on-write (COW) breakage of private read-only memory mappings by the memory subsystem. An attacker could exploit this vulnerability to gain write access to read-only memory mappings and elevated privileges on the system.
Note: This vulnerability is known as the Dirty COW bug.
CVSS Base Score: 8.400
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/118170 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

This is a local privilege escalation vulnerability affecting Linux kernels from all vendors released over the last 10+ years.

This is noteworthy as an exploit using this flaw has been found in the wild. Sending to this list as it hasn't gained much attention yet and you may have environments where privilege escalations are of concern.

More details: https://bugzilla.redhat.com/show_bug.cgi?id=1384344 and https://access.redhat.com/security/vulnerabilities/2706661

Some Additional Details

Red Hat indicated that the Dirty COW vulnerability (CVE-2016-5195) has been exploited in the wild. Exploit code has been made available on the Internet. Since this vulnerability deals with a Linux kernel issue, a number of different distributions are affected. A partial list includes Red Hat, Debian, Ubuntu, Gentoo, SUSE, Mageia, as well as potentially others. An advisory, published by Security Focus, lists the various kernel versions believed to be vulnerable to this local privilege escalation vulnerability. We advise monitoring your distribution's web site for a new kernel release and updating as soon as it is available.

https://github.com/dirtycow/dirtycow.github.io/blob/master/dirtyc0w.c
https://access.redhat.com/security/vulnerabilities/2706661
https://access.redhat.com/security/cve/CVE-2016-5195
https://bugzilla.redhat.com/show_bug.cgi?id=1384344
https://security-tracker.debian.org/tracker/CVE-2016-5195
https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5195.html
https://bugs.gentoo.org/show_bug.cgi?id=CVE-2016-5195
https://bugzilla.novell.com/show_bug.cgi?id=CVE-2016-5195
https://advisories.mageia.org/
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619
http://www.securityfocus.com/bid/93793
https://dirtycow.ninja/

Affected Products and Versions

Principal Product and Version(s): Tivoli Business Service Manager 6.1.x
Affected Platform(s): Linux. Since this vulnerability deals with a Linux kernel issue, a number of different distributions are affected. A partial list includes Red Hat, Debian, Ubuntu, Gentoo, SUSE, Mageia, as well as potentially others.

Remediation/Fixes

Principal Product and Version(s): Tivoli Business Service Manager 6.1.x
Affected Platform(s): Linux
The fix is a kernel update from the Linux distribution vendor, as noted under Additional Details above. Find out more about CVE-2016-5195 from the MITRE CVE dictionary.

Workarounds and Mitigations

None

References

Change History

22 December 2016: Original Version Published.

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.

Document Information

Modified date: 17 June 2018
UID: swg21996439