Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Linux Kernel Flaw Allows Null Pointer Exploits

Posted by Soulskill on from the recipe-for-fun dept.

Trailrunner7 writes "A new flaw in the latest release of the Linux kernel gives attackers the ability to exploit NULL pointer dereferences and bypass the protections of SELinux, AppArmor and the Linux Security Module. Brad Spengler discovered the vulnerability and found a reliable way to exploit it, giving him complete control of the remote machine. This is somewhat similar to the magic that Mark Dowd performed last year to exploit Adobe Flash. Threatpost.com reports: 'The vulnerability is in the 2.6.30 release of the Linux kernel, and in a message to the Daily Dave mailing list Spengler said that he was able to exploit the flaw, which at first glance seemed unexploitable. He said that he was able to defeat the protection against exploiting NULL pointer dereferences on systems running SELinux and those running typical Linux implementations.'"

9 of 391 comments (clear)

  1. Re:Double standards by infolation · · Score: 5, Funny

    This language is called Pedantry. A pedant pedantically peddles english into pedanticism.

  2. Re:I always disable those by 140Mandak262Jamuna · · Score: 4, Funny

    They create vulnerabilities by allowing remote code to overload error handlers and thus pwn your system?

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
  3. Re:Just don't use that version by INT_QRK · · Score: 2, Funny

    don't know why but "uname -a" was replaced by ">" in my above post...something I did

  4. Re:Double standards by ivucica · · Score: 2, Funny

    gcc -pedantic $@

  5. Re:Double standards by alnjmshntr · · Score: 4, Funny

    Right... Because Microsoft are really losing sleep over the negative comments posted on slashdot, so they have assembled a crack team of slashdotters to game the moderation system in their favour.

    You have to be kidding me.

    --
    If I had created the world I wouldn't have messed about with butterflies and daffodils. I would have started with lasers
  6. Interesting by improfane · · Score: 3, Funny

    Guys, I'm trying to decide what to post:

    [ ] Downplay how serious flaw is
    [ ] Compare to Window's track record
    [x] Make a meta-reference to Slashdot psychology
    [ ] Post work-around that doesn't fix problem
    [ ] Say that flaw is a feature
    [ ] bash Windows
      [ ] Claim that not all Windows software is bad
    [ ] Claim that the more popular gets, Linux will be targeted more
    [ ] Pretend I understand the problem ...or we could RFA

    --
    Slashdot needs Geekcode | Can anyone recommend any good SCIFI? My tastes: Foundation, Startide Rising, CITY, Ringworld,
  7. Re:Double standards by jelle · · Score: 2, Funny

    but, erm...

    You're right...

    I should have had that coffee first...

    --
    --- Hindsight is 20/20, but walking backwards is not the answer.
  8. Re:Serious bug in gcc? by RightSaidFred99 · · Score: 2, Funny

    Because... so many people know the C language? And you clearly don't?

  9. Re:Double standards by kdemetter · · Score: 3, Funny

    i compiled my kernel using that flag , and now it boots Windows instead.

    --
    Slipping shoelaces ?