Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Linux Kernel Flaw Allows Null Pointer Exploits

Posted by Soulskill on from the recipe-for-fun dept.

Trailrunner7 writes "A new flaw in the latest release of the Linux kernel gives attackers the ability to exploit NULL pointer dereferences and bypass the protections of SELinux, AppArmor and the Linux Security Module. Brad Spengler discovered the vulnerability and found a reliable way to exploit it, giving him complete control of the remote machine. This is somewhat similar to the magic that Mark Dowd performed last year to exploit Adobe Flash. Threatpost.com reports: 'The vulnerability is in the 2.6.30 release of the Linux kernel, and in a message to the Daily Dave mailing list Spengler said that he was able to exploit the flaw, which at first glance seemed unexploitable. He said that he was able to defeat the protection against exploiting NULL pointer dereferences on systems running SELinux and those running typical Linux implementations.'"

12 of 391 comments (clear)

  1. Fast! leave the sinking Ship! by Anonymous Coward · · Score: 0, Funny

    Fast! leave the sinking Ship before its too late!

  2. Re:Double standards by infolation · · Score: 5, Funny

    This language is called Pedantry. A pedant pedantically peddles english into pedanticism.

  3. Re:I always disable those by 140Mandak262Jamuna · · Score: 4, Funny

    They create vulnerabilities by allowing remote code to overload error handlers and thus pwn your system?

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
  4. Re:Just don't use that version by INT_QRK · · Score: 2, Funny

    don't know why but "uname -a" was replaced by ">" in my above post...something I did

  5. Re:Double standards by ivucica · · Score: 2, Funny

    gcc -pedantic $@

  6. Re:Double standards by alnjmshntr · · Score: 4, Funny

    Right... Because Microsoft are really losing sleep over the negative comments posted on slashdot, so they have assembled a crack team of slashdotters to game the moderation system in their favour.

    You have to be kidding me.

    --
    If I had created the world I wouldn't have messed about with butterflies and daffodils. I would have started with lasers
  7. Re:Just like Linux by Anonymous Coward · · Score: 1, Funny

    I'm using NoScript and Adblock Plus so I'm not worried.

  8. Interesting by improfane · · Score: 3, Funny

    Guys, I'm trying to decide what to post:

    [ ] Downplay how serious flaw is
    [ ] Compare to Window's track record
    [x] Make a meta-reference to Slashdot psychology
    [ ] Post work-around that doesn't fix problem
    [ ] Say that flaw is a feature
    [ ] bash Windows
      [ ] Claim that not all Windows software is bad
    [ ] Claim that the more popular gets, Linux will be targeted more
    [ ] Pretend I understand the problem ...or we could RFA

    --
    Slashdot needs Geekcode | Can anyone recommend any good SCIFI? My tastes: Foundation, Startide Rising, CITY, Ringworld,
  9. Re:Double standards by jelle · · Score: 2, Funny

    but, erm...

    You're right...

    I should have had that coffee first...

    --
    --- Hindsight is 20/20, but walking backwards is not the answer.
  10. Re:Serious bug in gcc? by RightSaidFred99 · · Score: 2, Funny

    Because... so many people know the C language? And you clearly don't?

  11. Re:Double standards by kdemetter · · Score: 3, Funny

    i compiled my kernel using that flag , and now it boots Windows instead.

    --
    Slipping shoelaces ?
  12. Re:Double standards by Tenebrousedge · · Score: 1, Funny

    In contrast programmers for Windows write perfect code every time. They've heard of the concept of 'debugging' but don't see a real need for it. This, and the unwavering efforts of Mr. Ballmer, have had great success in preserving the legacy handed down from Bill Gates: a bug-free OS. Viruses and exploits affect only lesser systems, those unfortunate enough to run some variant of unix.

    Sometimes, when I contemplate the beauty of the Windows source code, my speech centers shut down. I think that if I were ever to meet a Windows dev, blargle blerk grop lorem ipsum bleeble warble whelk!

    'Tis truly a paradise we live in.

    --
    Those who advocate genocide deserve every protection afforded by law, and none afforded by common human decency.