Local Privilege Escalation On All Linux Kernels
QuesarVII writes "Tavis Ormandy and Julien Tinnes have discovered a severe security flaw in all 2.4 and 2.6 kernels since 2001 on all architectures. 'Since it leads to the kernel executing code at NULL, the vulnerability is as trivial as it can get to exploit: an attacker can just put code in the first page that will get executed with kernel privileges.'"
sudo
Please, this is a _local_ privilege escalation. It's not like Code Red infecting your box remotely. A sledgehammer is also a local privilege escalation.
Uh huh... and the 8 years it took to discover don't matter, eh?
If this were Windows, we'd first hear about it when our machines get owned by some malware, and then it would take months for a patch to be released. Since this is Linux, expect a fix in a week or less.
Does this mean that Linux was never more secure than Windows--only more obscure?
It's hardly obscure since they could look and find it, evidenced by the fact they found it.
Go try that with the Windows kernels!
In addition, there is already a patch out for this, which by end of the week will be pushed down from the distro managers. We don't have to wait years after finding it for the fix to be released, as Microsoft historically does.
In fact, why just assume this similar bug is NOT in the Windows kernel? Did you check? Did any reputable security company check?
I'm not saying it is there, only that you can't easily prove otherwise.
*that* is the security being spoken of.
As far as I know, only one OS claims no exploits, and that is OpenBSD.
The transparent thing works both ways... it's easier for black hats to find holes too, by your own logic. And they can keep it secret and exploit it as long as they can. A similar bug existing in Windows doesn't prove anything and is irrelevant here. After all 'M$ can't code shit'. Linux and FOSS is commonly claimed to be more secure because of its development model and bug free here in these parts. Any data that runs counter to this is routinely downplayed by commenters and moderators... just like your post got modded up.
This space for rent.
Security through obscurity does mean the thought that as long as no one knows about it, it's not an issue. Being open source doesn't make you immune to this. What would make you immune to this would be formal testing and security audits of every component, like is done on things like the space shuttle. This is generally prohibitively expensive for situations where actual life and limb danger isn't a factor, which is why no commonly used operating system implements this strict security level. Sure, having a lot of eyes looking at the Linux kernel helps (and it eventually worked in this case) but just being open source doesn't mean it's secure.