Local Privilege Escalation On All Linux Kernels
QuesarVII writes "Tavis Ormandy and Julien Tinnes have discovered a severe security flaw in all 2.4 and 2.6 kernels since 2001 on all architectures. 'Since it leads to the kernel executing code at NULL, the vulnerability is as trivial as it can get to exploit: an attacker can just put code in the first page that will get executed with kernel privileges.'"
I don't know what do you mean with Obscurity.
For me obscurity is closed source code. It's to try to hide vulnerabilities from the public to argue that it's more safe.
Obscurity for me definitely isn't posting a patch in the same day that the vulnerability is discovered.
(...) Ubuntu (...) more stable (...) more stable (...)
FAIL.
you are all fat virgins and fap to anime all day and have aspergers syndrome.
Since there seems to be some confusion, let me help:
From Webster:"shrouded in or hidden by darkness c : not clearly seen or easily distinguished : faint 2 : not readily understood or clearly expressed"
We only know that Tavis Ormandy and Julien Tinnes discovered it the day before the patch came out. Hackers, who by definition operate in obscurity, may have known about it earlier. The fact that Travis and Julien found it after eight years pretty much means that the flaw existed in obscurity.
We hope.
You are welcome on my lawn.
What does that have to do with anything? Are you pretending to claim that windows has less vulnerabilities than Linux now?
Buzz off, little worker bee, its simply not the case: this happens once every, say, couple to four years in Linux. Microsoft has one of this bugs every couple of sundays.
NO SIG
I already told you who the fan boy was, fan boy. Sheesh, pay attention. You've refuted nothing and simply made yourself look even more foolish, kid. Security through obscurity depends on the fact of nobody knowing, which was the original poster's point, to which you replied with such a complete inanity that I felt compelled to mock you.
So, the time it took the mainstream to discover the exploit DOES matter, doesn't it? Yeah.
Oh. My. God. It keeps getting stupider as we watch! Nobody said anything about physical access, I said local access, yes, which includes ssh. But how are you going to ssh in without an account? That's what makes it LOCAL. This is a privilege escalation, not a remote exploit. Learn the difference. Sure, for ISPs running shared, non-VM based servers, this could be a problem. Heck, it could be a problem for me if my developers knew their ASCII from a hole in the ground and had any reason to want to gain root on our systems. But is it the kind of problem that will turn your computer into a zombie ten minutes after you hook it up to the Internet? No, and that's my point.
Now, where can I send the bill for your education?
- None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
Go, fanboy, go!
Yay, fanboy, yay!
Fetch, fanboy, fetch!
And stay off my lawn, ya damn hippy fanboy!
How can they all be rootkitted if its a local root exploit, not a remote one.
NO SIG
Read the article, fanboy. Bug has been around for EIGHT FUCKING YEARS. Was reported in APRIL OF THIS YEAR. Was fixed TODAY. Hello? As for the Windows claim, linky linky Fanboy!
Ah...
How the hell can you mod if youre posting? Do you keep an extra account with modpoints somewhere or get help from friends? Wow, pretty sophisticated.
Or do we have a bitch ass whiner account now @ /. to report "offensive" posts? It would be a crappy day for me if this was the case.
And no. You like to tag me as a fanboi because of what I said. Here:
Oh...
So it was disclosed the 11th of august and linus has a patch today, HUH? GOOD THING: QUICK PATCH
There are YEAR OLD bugs with this exact level of danger that microsoft simply has not patched and still refuses to patch. ABSOLUTE TRUTH TO ANYONE IN THE SECURITY INDUSTRY
Fuck you, I love my os BECAUSE i know beforehand that it will be fixed in no time.... For this case, even you say im right
Windows people are just plain stupid, really. I dont think YOU are a windows user, I pitty you if you are forced to be one.
NO SIG
You were the one who made the original claim. Methinks it's you that should go to secunia and do the math.
I don't always use unix-like operating systems; but when I do, I prefer FreeBSD.
General law of Slashdot: the lower your userID the higher the chance you are a virgin. Nicely completes your arrogant behaviour. Try to be this cool in 'real life' too, fool.