Bug in latest Linux gives untrusted users root accessProtections for some, but not all

Recommended Posts


Bug in latest Linux gives untrusted users root accessProtections for some, but not all

By Dan Goodin in San Francisco

3rd November 2009 20:55 GMT A software developer has uncovered a bug in most versions of Linux that could allow untrusted users to gain complete control over the open-source operating system.

The null pointer dereference flaw was only fixed in the upcoming 2.6.32 release candidate of the Linux kernel, making virtually all production versions in use at the moment vulnerable. While attacks can be prevented by implementing a common feature known as mmap_min_addr, the RHEL distribution, short for Red Hat Enterprise Linux, doesn't properly implement that protection, Brad Spengler, who discovered the bug in mid October, told The Register.

Read more details at The Register - http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/

Link to post
Share on other sites
4 November 2009, 13:54

Hole in the Linux kernel allows root access

A null pointer dereference in the Linux kernel can be exploited to access a system at root privilege level. The hole is reportedly contained in pipe.c and can occur in certain circumstances when using the pipe_read_open(), pipe_write_open() or pipe_rdwr_open() functions while releasing a mutex (mutual exclusion) too early – which constitutes a classic race condition. So far, the flaw has only been fixed in release candidate 6 of the forthcoming version 2.6.32.

Heise security for further details - http://www.h-online....cess-850016.htm

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.