Canonical has released updates for Ubuntu to address a local root privilege escalation vulnerability that can be exploited to gain administrative privileges on the system.
The kernel vulnerability, identified by Philip Pettersson of the Samsung SDS Security Center, is related to the OverlayFS Linux filesystem service and it affects the default configuration on all supported versions of Ubuntu. The CVE identifier CVE-2015-1328 has been assigned to this bug.
“The overlayfs filesystem does not correctly check file permissions when creating new files in the upper filesystem directory. This can be exploited by an unprivileged process in kernels with CONFIG_USER_NS=y and where overlayfs has the FS_USERNS_MOUNT flag, which allows the mounting of overlayfs inside unprivileged mount namespaces,” explained Pettersson in an advisory published on Monday on the Full Disclosure mailing list.
The researcher has published a proof-of-concept (PoC) exploit to demonstrate his findings.
Canonical has addressed the issue by releasing updates for Ubuntu 12.04 LTS (Precise Pangolin), Ubuntu 14.04 LTS (Trusty Tahr), Ubuntu 14.10 (Utopic Unicorn) and Ubuntu 15.04 (Vivid Vervet). Users are advised to update their installations as soon as possible.
According to Pettersson, users who don’t want to update their kernel and don’t use OverlaysFS can remove or blacklist overlayfs.ko / overlay.ko as a workaround.