Slashdot Mirror


Local Privilege Escalation On All Linux Kernels

QuesarVII writes "Tavis Ormandy and Julien Tinnes have discovered a severe security flaw in all 2.4 and 2.6 kernels since 2001 on all architectures. 'Since it leads to the kernel executing code at NULL, the vulnerability is as trivial as it can get to exploit: an attacker can just put code in the first page that will get executed with kernel privileges.'"

1 of 595 comments

  1. Re:Security through Obscurity? by ckaminski · Score: 1, Redundant

    Yes, it's called hardware-level paging, and it's been around for 20+ years. This is a known problem. The problem is in how the exceptional condition (null pointer access) is handled by the kernel, and not the fact that NULL was called. The OS knows EVERY memory access that requires a page to be fetched from disk; that's a function of the memory management unit, and it can be told of every access that tries to access an unmapped memory location. This isn't state of the art; this stuff is old hat (Linux and Windows).

    So it's an OS bug, through and through, and yes, it's been fixed. Joy.
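Added example, not code from the Slashdot thread or from the researchers' advisory: a user-space illustration of the point made in the comment above (an access to an unmapped page 0 is caught by the MMU and reported to the program as a fault, with the faulting address delivered in si_addr), plus a check of Linux's vm.mmap_min_addr sysctl, the kernel knob that keeps unprivileged processes from mapping page 0 in the first place. It assumes a Linux host; the function names are my own.

```c
#define _POSIX_C_SOURCE 200809L
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
static sigjmp_buf fault_env;
static void *volatile fault_addr;

/* SIGSEGV handler: record the faulting address the MMU reported (si_addr), then unwind. */
static void on_segv(int sig, siginfo_t *si, void *ctx) {
    (void)sig; (void)ctx;
    fault_addr = si->si_addr;
    siglongjmp(fault_env, 1);
}

/* Read one int through p. Returns 1 if the access faulted and the kernel
   reported the fault at exactly p (page unmapped), 0 if the read succeeded. */
int probe_read_faults(volatile int *p) {
    struct sigaction sa, old;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_segv;
    sa.sa_flags = SA_SIGINFO; sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old);
    int faulted = 0;
    if (sigsetjmp(fault_env, 1) == 0) {
        int v = *p; (void)v;            /* faults if the page behind p is unmapped */
    } else {
        faulted = (fault_addr == (void *)p);
    }
    sigaction(SIGSEGV, &old, NULL);     /* restore the previous disposition */
    return faulted;
}

/* Hardening check (assumes Linux): vm.mmap_min_addr is the lowest address an
   unprivileged mmap() may claim; >= one page keeps page 0 unmappable, so a kernel
   NULL dereference faults instead of running user-supplied bytes. -1 if unreadable. */
long read_mmap_min_addr(void) {
    FILE *f = fopen("/proc/sys/vm/mmap_min_addr", "r");
    long v = -1;
    if (f && fscanf(f, "%ld", &v) != 1) v = -1;
    if (f) fclose(f);
    return v;
}

int main(void) {
    printf("NULL read faulted at address 0: %s\n", probe_read_faults((volatile int *)0) ? "yes" : "no");
    long m = read_mmap_min_addr();
    printf("vm.mmap_min_addr = %ld (%s)\n", m, m >= 4096 ? "page 0 unmappable by unprivileged users" : "unreadable or too low");
    return 0;
}
```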