HomePentest-Tools.com Logo

Huawei Data Communication: Dirty COW Vulnerability in Huawei Products (huawei-sa-20161207-01-dirtycow) CVE-2016-5195

Severity
CVSSv3 Score
7.8
Vulnerability description

In the morning of October 21th, 2016, a security researcher Phil Oester disclosed a local privilege escalation vulnerability in Linux kernel. This VT has been deprecated and is therefore no longer functional.

Risk description

In the morning of October 21th, 2016, a security researcher Phil Oester disclosed a local privilege escalation vulnerability in Linux kernel. A race condition was found in the way the Linux kernels memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could exploit this vulnerability to gain write access to otherwise read-only memory mappings and thus obtain the highest privileges on the system. (Vulnerability ID: HWPSIRT-2016-10050)This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2016-5195.Huawei has released software updates to fix this vulnerability. This advisory is available in the linked references. An attacker can exploit this vulnerability to escalate the privilege levels to obtain administrator privilege.

Recommendation

See the referenced vendor advisory for a solution.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Nov 10, 2016
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available