Bug in latest Linux gives untrusted users root accessProtections for some, but not all

[Peaches]

<h2></h2>

Bug in latest Linux gives untrusted users root accessProtections for some, but not all

By Dan Goodin in San Francisco

3rd November 2009 20:55 GMT A software developer has uncovered a bug in most versions of Linux that could allow untrusted users to gain complete control over the open-source operating system.

The null pointer dereference flaw was only fixed in the upcoming 2.6.32 release candidate of the Linux kernel, making virtually all production versions in use at the moment vulnerable. While attacks can be prevented by implementing a common feature known as mmap_min_addr, the RHEL distribution, short for Red Hat Enterprise Linux, doesn't properly implement that protection, Brad Spengler, who discovered the bug in mid October, told The Register.

Read more details at The Register - http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/

[Peaches]

4 November 2009, 13:54

Hole in the Linux kernel allows root access

A null pointer dereference in the Linux kernel can be exploited to access a system at root privilege level. The hole is reportedly contained in pipe.c and can occur in certain circumstances when using the pipe_read_open(), pipe_write_open() or pipe_rdwr_open() functions while releasing a mutex (mutual exclusion) too early – which constitutes a classic race condition. So far, the flaw has only been fixed in release candidate 6 of the forthcoming version 2.6.32.

Heise security for further details - http://www.h-online....cess-850016.htm