[High Risk Vulnerability Alert] Ubuntu 16.04 Kernel Local Privilege Escalation Vulnerability

On March 16, 2018, the Alibaba Cloud Security Emergency Response Center observed that some foreign security researchers had announced a high-risk local privilege escalation vulnerability in the Ubuntu 16.04 release. A malicious attacker could use this vulnerability to escalate privileges locally.

The Alibaba Cloud platform itself is not affected by this vulnerability. The Alibaba Cloud Security Emergency Response Center recommends that you begin self-inspection as early as possible and apply patches promptly as the vendor releases updates, to prevent attackers from exploiting the vulnerability to launch privilege escalation attacks.

Affected Area:
Ubuntu 16.04 with kernels in the 4.14 - 4.4 series

Solution:
1. Workaround Suggestion:
After evaluating the risk, users can modify the kernel parameters to mitigate the vulnerability impact.
Run the command: # echo 1 > /proc/sys/kernel/unprivileged_bpf_disabled
After completing the mitigation plan, it is recommended to implement a comprehensive solution according to the business conditions.

2. Comprehensive Solution:
Add the xenial-proposed source as follows:
Classic network environment:
# echo "deb http://mirrors.aliyuncs.com/ubuntu/ xenial-proposed main restricted universe multiverse" >> /etc/apt/sources.list
VPC network environment:
# echo "deb http://mirrors.cloud.aliyuncs.com/ubuntu/ xenial-proposed main restricted universe multiverse" >> /etc/apt/sources.list
Run the command: # apt update && apt install linux-image-generic
Reboot: # reboot
Check the kernel version with the command: # uname -a. If it has been upgraded to 4.4.0-117, the fix was applied successfully.

Note: Please use the ECS snapshot function to create a backup before applying the fix.
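
A self-inspection script covering both checks in this notice (the sysctl workaround and the 4.4.0-117 kernel check), added here as an example and not part of the original advisory. The function names are hypothetical, and kernels outside the 4.4.0 series are reported as unknown because the notice gives no fixed build for them.

```shell
#!/bin/sh
# Added example: self-inspection for the two checks in this notice.
# Assumption: 4.4.0-117 is the fixed build, as stated in the notice.
FIXED_ABI=117

# kernel_status RELEASE -> prints patched | vulnerable | unknown
kernel_status() {
    rel=$1
    case "$rel" in
        4.4.0-*)
            abi=${rel#4.4.0-}       # "117-generic"
            abi=${abi%%[!0-9]*}     # keep the leading digits only
            if [ -z "$abi" ]; then echo unknown
            elif [ "$abi" -ge "$FIXED_ABI" ]; then echo patched
            else echo vulnerable
            fi ;;
        *) echo unknown ;;          # other series: no fixed build in the notice
    esac
}

# bpf_status [FILE] -> prints mitigated | exposed | unknown
# A value written with echo is lost at reboot, so re-check after restarting.
bpf_status() {
    f=${1:-/proc/sys/kernel/unprivileged_bpf_disabled}
    [ -r "$f" ] || { echo unknown; return; }   # sysctl absent or unreadable
    v=$(cat "$f")
    case "$v" in
        1|2) echo mitigated ;;      # 2 exists on newer kernels, also disabled
        0)   echo exposed ;;
        *)   echo unknown ;;
    esac
}

# report [RELEASE] [FILE] -> summary for this host, or for the given values
report() {
    rel=${1:-$(uname -r)}
    echo "kernel $rel: $(kernel_status "$rel")"
    echo "unprivileged bpf: $(bpf_status "$2")"
}

report "$@"
```

A host is covered when the kernel line reads patched; mitigated alone means only the workaround is in place.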

Please refer to the links below for more details:
[1] https://usn.ubuntu.com/
[2] https://blog.aquasec.com/ebpf-vulnerability-cve-2017-16995-when-the-doorman-becomes-the-backdoor
[3] https://nvd.nist.gov/vuln/detail/CVE-2017-16995

This notice will be updated continuously. We would suggest that users pay attention to the contents of this notice. Should you have any questions, please feel free to contact us by submitting a ticket.

Alibaba Cloud