New Linux Kernel Flaw Allows Null Pointer Exploits
Trailrunner7 writes "A new flaw in the latest release of the Linux kernel gives attackers the ability to exploit NULL pointer dereferences and bypass the protections of SELinux, AppArmor and the Linux Security Module. Brad Spengler discovered the vulnerability and found a reliable way to exploit it, giving him complete control of the remote machine. This is somewhat similar to the magic that Mark Dowd performed last year to exploit Adobe Flash. Threatpost.com reports: 'The vulnerability is in the 2.6.30 release of the Linux kernel, and in a message to the Daily Dave mailing list Spengler said that he was able to exploit the flaw, which at first glance seemed unexploitable. He said that he was able to defeat the protection against exploiting NULL pointer dereferences on systems running SELinux and those running typical Linux implementations.'"
After all the crap Brad had to put up with from the SELinux faction, it's good to see technical ability once more scoring points over politics.
(I understand the irony that this comment is, in itself, purely political.)
The language is called Assembly. An assembler assembles assembly code into machine code.
Bullshit. MS puts a high priority on any security issue. In addition, Windows has a built-in patch distribution process that works very well. It will be ages and ages before a majority of Linux machines running this kernel version are updated.
Yes. In the server market. You people who think "server market" means "Internet web servers run by some Joe Schmoe".
Microsoft dominates in the corporate server environment, you clueless git.
How much testing went into that 24-hour-old fix? You can bet that Microsoft tests the living shit out of any changes they push out. They'd rather leave a known exploit in place to make sure they aren't introducing new unknown ones.