sunhux
asked on
Assess most serious Linux privilege escalation bug
http://arstechnica.com/security/2016/10/most-serious-linux-privilege-escalation-bug-ever-is-under-active-exploit/
Q1:
After reading the above, I still can't identify which flavor of Linux it affects:
RHEL, Ubuntu, CentOS, Mandrake, Debian, ...
Q2:
Are custom Linuxes like those used in Cisco IOS or NX-OS (Nexus), Bluecoat appliances (Ubuntu), Androids,
Juniper ScreenOS & JunOS, photocopiers/MFPs affected? How do we determine if they are affected?
Q3:
I'm also trying to determine the Linux variants without logging in to the OS/device: how can I do it? Do provide
the exact commands (say, using nmap)?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Internet-facing devices are the first we need to look into, so the F5 devices, external
firewall (i.e. Juniper) & external router (Cisco IOS) are the ones that come to mind
ASKER
So questions are:
a) if we use the 2nd latest version of F5 (LTM GTM) OS, are we affected (based on the kernel
versions BTan provided above)?
b) are the Cisco IOS 12.x (also 2nd latest version) affected?
c) is VMware ESXi 5.1 affected?
ASKER
Thing is, we currently have an MS SCCM deployment tool, which I don't think
could centrally log in to (or remotely issue a command to) UNIX/Linux-based devices
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I think VMware is, but I'm unsure about which versions (given the above). Real-time kernels are not.
ASKER
Last few clarifications from me (hopefully):
Is there any tool or VA scanner that could detect this vulnerability currently
(other than the RHEL script & manually login to check the kernel version)?
Are the following versions of products vulnerable:
F5 BIGIP: 11.6.1 HF1
Bluecoat proxy: 6.6.3.2
an appliance : Ubuntu 12.04.1 LTS
ASKER
One security bulletin that we subscribed to listed the following:
Last few clarifications from me (hopefully):
Ubuntu/Debian distro versions that are earlier than the following are affected:
• 4.8.0-26.28 for Ubuntu 16.10
• 4.4.0-45.66 for Ubuntu 16.04 LTS
• 3.13.0-100.147 for Ubuntu 14.04 LTS
• 3.2.0-113.155 for Ubuntu 12.04 LTS <== is our 12.04.1 LTS affected?
• 3.16.36-1+deb8u2 for Debian 8
• 3.2.82-1 for Debian 7
• 4.7.8-1 for Debian unstable
RedHat product versions that are impacted are as per follows:
• Red Hat Enterprise Linux 5 <== F5 BIGIP 11.6.1 HF1 is under this?
• Red Hat Enterprise Linux 6
• Red Hat Enterprise Linux 7
• Red Hat Enterprise MRG 2
• Red Hat Openshift Online v2
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
On my previous post it should have been ID: 41855291
ASKER
Looks like F5 (LTM Loadbalancer & GTM) that we used & Avaya are RHEL based, so they're
affected.
What about Thales HSM?