关联漏洞
标题:
Linux kernel 竞争条件问题漏洞
(CVE-2016-5195)
描述:Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel 2.x至4.8.3之前的4.x版本中的mm/gup.c文件存在竞争条件问题漏洞,该漏洞源于程序没有正确处理copy-on-write(COW)功能写入只读内存映射。本地攻击者可利用该漏洞获取权限。
描述
Ansible playbook to mitigate CVE-2016-5195 on CentOS
介绍
# Ansible CVE-2016-5195 mitigation playbook
Ansible playbook to mitigate CVE-2016-5195 on CentOS/Scientific Linux with SystemTap.
Automating this mitigation recipe found on Red Hat Bugzilla:
[https://bugzilla.redhat.com/show_bug.cgi?id=1384344#c13](https://bugzilla.redhat.com/show_bug.cgi?id=1384344#c13)
This playbook install Kernel debuginfo packages and SystemTap. Then it will generate a SystemTap module and runs it in the background. If you reboot the server you'll need to re-run this playbook to restore the mitigation.
## Disclaimer
I'm not a kernel security expert, nor a SystemTap expert. I've not verified effectiveness of this vulnerability mitigation recipe. I give no guarantees of any kind. This playbook may break your server and cause data loss for you.
## Author
Ilari Stenroth
Twitter: @istenrot
文件快照
[4.0K] /data/pocs/de37ef5ac5c8fde5dbf1047c5f7d3b6a2668e5c3
├── [1.5K] deploy.yml
├── [4.0K] files
│ └── [ 292] CVE-2016-5195.stp
├── [1.0K] LICENSE
└── [ 825] README.md
1 directory, 4 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。