PoC exploits for Linux privilege escalation bug published

The publication of proof-of-concept exploit code for a recently spotted privilege escalation flaw (CVE-2012-0056 ) in the Linux kernel has left Linux vendors scrambling to push out a patch.

The flaw affects versions 2.6.39 and above of the Linux kernel code, and the OS’ creator Linus Torvalds published a patch on the official Linux kernel repository more than a week ago.

Unfortunately, only RedHat and Ubuntu managed to push out patches for it before PoC attack code began popping up online, TechWorld reports.

Security researcher and programmer Jason Donenfeld first shared some insights about how the flaw can be exploited, and the information was used by others to create and publish their own PoC code. After that, Donenfeld revealed his exploit code – noting that it should be used only for research and education purposes – and shared advice on how it can be tweaked to work around specific roadblocks put by Gentoo and Fedora developers.

As Android is Linux-based, it didn’t take long for exploits for taking advantage of the same vulnerability to emerge. Among these is one dubbed mempodroid, created by Jay Freeman (a.k.a. saurik), author of the popular Cydia app that allows owners of jailbroken iOS-running devices to install software packages.

Freeman developed a successful root exploit for Android 4.0 (Ice Cream Sandwich) – which will, in time, be present on a variety of devices – and pointed out that the exploit should come in hand when users want to install custom software on a device running it.