Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Bug in Linux Kernel Allows Root Privileges


  • Please log in to reply
5 replies to this topic

#1 KarstenHansen

KarstenHansen

    The Dane


  • Members
  • 1,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:43 AM

Posted 19 August 2010 - 01:45 PM

Root privileges through Linux kernel bug - Update
According to a report written by Rafal Wojtczuk, a conceptual problem in the memory management area of Linux allows local attackers to execute code at root level. The Linux issue is caused by potential overlaps between the memory areas of the stack and shared memory segments.

The H Security

A little info for our linux people, hope you find it useful. Enjoy
Karsten

BC AdBot (Login to Remove)

 


#2 MadDawg

MadDawg

  • Members
  • 453 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Houston, TX
  • Local time:10:43 PM

Posted 20 August 2010 - 12:48 AM

Interesting... Thanks for the heads-up.
A penguin broke my windows with a half-eaten apple!

#3 KarstenHansen

KarstenHansen

    The Dane

  • Topic Starter

  • Members
  • 1,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:43 AM

Posted 20 August 2010 - 07:09 AM

My pleasure.

#4 raw

raw

    Bleeping Hacker


  • Members
  • 2,577 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:10:43 PM

Posted 20 August 2010 - 07:28 PM

Not that every linux user is going to update their kernel, but this
issue has been patched in 2.6.35.2 and 2.6.34.4.
It's a local exploit so an attacker would need to be logged in from ssh
or have physical access to the box.

rawsig.png

 rawcreations.net          @raw_creations


Current systems: WHAT OS, BackTrack-raw, PCLinuxOS, Peppermint OS 6, Kali Linux

and a custom Linux From Scratch server hosting a bunch of top secret stuff.


#5 Wavelength

Wavelength

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:43 PM

Posted 18 October 2010 - 08:03 PM

this issue has been patched in 2.6.35.2 and 2.6.34.4.

You left out the most important kernel of them all: The one I use! I'm in Ubuntu 10.04, with 2.6.32-25, which I'm assuming has the patch, even though my system reports the kernel with a hyphen.

Thanks to all for the information.

Edited by Andrew, 18 October 2010 - 09:55 PM.
Mod Edit: Fixed malformed BBCode - AA


#6 maladmin

maladmin

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:43 PM

Posted 22 October 2010 - 12:28 PM

2.6.32-25 is vulnurable, you should update to 2.6.32-25.45
http://www.ubuntu.com/usn/usn-1000-1




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users