Slashdot Mirror


Local Privilege Escalation On All Linux Kernels

QuesarVII writes "Tavis Ormandy and Julien Tinnes have discovered a severe security flaw in all 2.4 and 2.6 kernels since 2001 on all architectures. 'Since it leads to the kernel executing code at NULL, the vulnerability is as trivial as it can get to exploit: an attacker can just put code in the first page that will get executed with kernel privileges.'"

2 of 595 comments (clear)

  1. Re:I'm safe! by tenco · · Score: 1, Flamebait

    (...) Ubuntu (...) more stable (...) more stable (...)

    FAIL.

  2. Re:Security through Obscurity? by PopeRatzo · · Score: 1, Flamebait

    I don't know what do you mean with Obscurity.

    Since there seems to be some confusion, let me help:

    From Webster:"shrouded in or hidden by darkness c : not clearly seen or easily distinguished : faint 2 : not readily understood or clearly expressed"

    Obscurity for me definitely isn't posting a patch in the same day that the vulnerability is discovered.

    We only know that Tavis Ormandy and Julien Tinnes discovered it the day before the patch came out. Hackers, who by definition operate in obscurity, may have known about it earlier. The fact that Travis and Julien found it after eight years pretty much means that the flaw existed in obscurity.

    We hope.

    --
    You are welcome on my lawn.