Local Privilege Escalation On All Linux Kernels

← Back to Stories (view on slashdot.org)

Local Privilege Escalation On All Linux Kernels

Posted by timothy on Thursday August 13, 2009 @08:54AM from the uriah-deems-it-scary dept.

QuesarVII writes "Tavis Ormandy and Julien Tinnes have discovered a severe security flaw in all 2.4 and 2.6 kernels since 2001 on all architectures. 'Since it leads to the kernel executing code at NULL, the vulnerability is as trivial as it can get to exploit: an attacker can just put code in the first page that will get executed with kernel privileges.'"

28 of 595 comments (clear)

Ahh... by clone53421 · 2009-08-13 08:31 · Score: 5, Funny

So that's what the NULL pointers were for.

--
Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
I'm safe! by Anonymous Coward · 2009-08-13 08:31 · Score: 5, Funny

I use Windows!
1. Re:I'm safe! by dgatwood · 2009-08-13 08:57 · Score: 4, Funny
  
  Once again, my 2.0 Linux kernel is safe!
  
  --
  Check out my sci-fi/humor trilogy at PatriotsBooks.
2. Re:I'm safe! by Bandman · 2009-08-13 09:07 · Score: 3, Funny
  
  Excellent. My old 2.2-based Slack 8 boxes should be fine, too.
  Can't trust that new-fangled 2.4 stuff. USB support? Who needs it!
  
  --
  Check out my sysadmin blog!
I can hear the OpenBSD users laughing already... by thenextstevejobs · 2009-08-13 08:37 · Score: 5, Funny

Or I would be able to, if there were any

--
Long live the BSD license
Re:Guest accounts by Anonymous Coward · 2009-08-13 08:59 · Score: 1, Funny

Seems to work just fine on your box . . .
Re:I can hear the OpenBSD users laughing already.. by frn123 · 2009-08-13 09:02 · Score: 5, Funny

Sure there are. And they are both laughing.
QUICK by Anonymous Coward · 2009-08-13 09:07 · Score: 1, Funny

everyone go hax the internets! rootkit everything!!!
Re:Local Privilege Escalation On All Linux Kernels by quarterbuck · 2009-08-13 09:09 · Score: 3, Funny

A sledgehammer is a Denial of Service - Unless you aim it at the head of the operator and threaten to use it.

--
http://slashdot.org/submission/1062723/Cheap-mobile-data-plan?art_pos=2
Re:I can hear the OpenBSD users laughing already.. by Anonymous Coward · 2009-08-13 09:19 · Score: 2, Funny

... I don't get it... Stallman uses Linux...
Re:pwned by MaskedSlacker · 2009-08-13 09:19 · Score: 4, Funny

Well by that logic 99% of windows users haven't used a real windows machine either.
Re:Security through Obscurity? by freeweed · 2009-08-13 09:22 · Score: 4, Funny

Your post got modded up, too.

--
Endless arguments over trivial contradictions in books written by ignorant savages to explain thunder in the dark.
Re:pwned by Bandman · 2009-08-13 09:24 · Score: 3, Funny

Yeah, I know, I nearly cancelled the post after I wrote it.
Desktop Windows /is/ Windows, but Windows Servers are far more inherently secure than Windows Desktops, simply by the way that they're operated. It was a bad comment.

--
Check out my sysadmin blog!
Re:pwned by amicusNYCL · 2009-08-13 09:36 · Score: 5, Funny

Aw, cheer up little guy. I thought it was a very nice comment.

--
"Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
"Many eyes", but all of them nearsighted? by Petersko · 2009-08-13 09:36 · Score: 5, Funny

And from all across the globe came the sound of geeks crying, for they would soon see their beloved "uptime" reset to zero.
Re:It's from April? Really? by Verdatum · 2009-08-13 09:38 · Score: 5, Funny

Yeah, that was my fault. Sorry about that. I knew it was there, I just kept putting off fixing it or telling anyone.
Re:The REAL impact here by rjstanford · 2009-08-13 09:44 · Score: 2, Funny

I don't have any users.
Probably don't need to install the patch then. Or keep the machine powered on, for that matter...

--
You're special forces then? That's great! I just love your olympics!
Re:pwned by Runaway1956 · 2009-08-13 10:42 · Score: 3, Funny

Well - I'm searching for Linux botnets that have been created by this exploit. Searching . . . searching . . . searching . . .
Dang, I'm not finding any.
How about Windows botnets? WOW, will you just look at all of them? http://www.secureworks.com/research/threats/topbotnets/
I sure wish Linux would get off their dead arses and patch this problem. Sure would be nice if they can get it done in less than a month or six, like Windows!! Oh - wait - what? Linus committed a patch correcting this issue on 13th August 2009.
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e694958388c50148389b0e9b9e9e8945cf0f1b98
I guess I'll hold off on pushing the panic button. I see no need to "upgrade" to Windoze, LMAO

--
"Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
Re:pwned by Anonymous Coward · 2009-08-13 11:24 · Score: 2, Funny

This is the windows newbs one chance to stick it to the Unix guys, don't fuck this day up for them!
Re:The REAL impact here by Exception+Duck · 2009-08-13 11:27 · Score: 2, Funny

You must be mistaken. rjstanford is the computer.

--
Exception Duck - may or may not contain chicken.
Re:pwned by alexborges · 2009-08-13 11:43 · Score: 4, Funny

Thats what I get for sending you to do the math. Im still too lazy to go check it out and look at methods, years and the rest.
||sarcasm|| I take your analysis as true and hereby declare that windows has been exploited lesser than linux, has less malware against and is inherently less prone to attack than linux or turning into a braindead spamzombie than linux. ||end sarcasm||
Happy?

--
NO SIG
Re:pwned by Dragonslicer · 2009-08-13 12:03 · Score: 4, Funny

Windows Servers are far more inherently secure than Windows Desktops, simply by the way that they're operated.
Wait, what?
If Windows is your metric by synthesizerpatel · 2009-08-13 12:03 · Score: 2, Funny

Linux is ready for the desktop!
Re:pwned by beav007 · 2009-08-13 13:44 · Score: 5, Funny

Of course, as this only affects 2.4 and 2.6, users of Debian stable should have no reason to worry.

See? All that testing is worth it after all!
Re:Eyes Wide Shut by Anonymous Coward · 2009-08-13 18:34 · Score: 1, Funny

Because we fix it when someone finally notices it after eight years and then hush up so no one will know we didn't notice it for eight years and then when someone notices that we didn't notice it for eight years and makes everyone aware of that we then try to minimize the impact by saying "We fix it instead of hushing it up until it becomes fairly well known and then waiting a month to fix it" instead of hushing it up until it becomes fairly well known and then waiting a month to fix it.
FTFY
And... He is also a politician! by Anonymous Coward · 2009-08-13 20:36 · Score: 1, Funny
nobody (the apache account) is a local user.
That nobody guy is really smart.
I often tell people that nobody is smarter than me.
Vote for Nobody!
- Nobody will keep election promises!
- Nobody will listen to your concerns!
- Nobody will help the poor and unemployed!
- Nobody cares!
- If Nobody is elected, things will be better for everyone!
Nobody tells the truth!
(http://thecynicaleconomist.com/wp-content/uploads/2009/07/vote_nobody.jpg)
Re:pwned by maxwell+demon · 2009-08-13 20:39 · Score: 4, Funny

But it wasn't a real "no true scotsman" fallacy. After all, it didn't involve a scotsman. :-)

--
The Tao of math: The numbers you can count are not the real numbers.
Re:local... remote... by jonaskoelker · 2009-08-13 21:40 · Score: 2, Funny

I broke into nobody's account and took a peek at their files. Look what I found:
$ ls -l -rwx------ 1 nobody nobody 12542 1000-07-24 12:45 predict_spanish_inquisition