Slashdot Mirror

← Back to Stories (view on slashdot.org)

Local Privilege Escalation On All Linux Kernels

Posted by timothy on from the uriah-deems-it-scary dept.

QuesarVII writes "Tavis Ormandy and Julien Tinnes have discovered a severe security flaw in all 2.4 and 2.6 kernels since 2001 on all architectures. 'Since it leads to the kernel executing code at NULL, the vulnerability is as trivial as it can get to exploit: an attacker can just put code in the first page that will get executed with kernel privileges.'"

8 of 595 comments (clear)

  1. Re:pwned by lukas84 · · Score: 1, Troll

    What's your point?

  2. Re:It's from April? Really? by alexborges · · Score: 0, Troll

    Oh...

    So it was disclosed the 11th of august and linus has a patch today, HUH?

    There are YEAR OLD bugs with this exact level of danger that microsoft simply has not patched and still refuses to patch.

    Fuck you, I love my os BECAUSE i know beforehand that it will be fixed in no time....

    Windows people are just plain stupid, really.

    --
    NO SIG
  3. Re:Security through Obscurity? by onkelonkel · · Score: 0, Troll

    "ALL SOFTWARE HAS BUGS"

    Not mine. Speak for yourself.

    --
    None of them can see the clouds; The polished wings don't care.
  4. Re:local... remote... by alexborges · · Score: 0, Troll

    No no... not "wordpress". Youd need an exploit in the PHP-Apache stack, not just in a random web app.

    Care to find us one of those tha tis currently unpatched?

    --
    NO SIG
  5. Re:Security through Obscurity? by alexborges · · Score: 1, Troll

    Yes...

    Do YOU know how many undiscovered bugs are in windows?

    NO!

    Because hell, YOU CANT KNOW what you dont have access to. Linux, at least, can be checked and rechecked and sooner or later someone will find the bug.

    In the case of windows, perhaps even now there are tremendous remote root exploits that are being actively used that you dont know about. And if those follow the trends of virii or other exploit info that is available, its probably a number of undisclosed exploits like 100000 larger than all you could find in Linux.

    --
    NO SIG
  6. Re:Security through Obscurity? by alexborges · · Score: 0, Troll

    Yeah. And we still make a better OS than the people that actually get paid to fix them in other oses....

    So pr0n==good programming and bugfixing.

    --
    NO SIG
  7. Re:It's from April? Really? by alexborges · · Score: 0, Troll

    // leeches.c:Aug 11 2009

    August, not april. Where the fuck did you get april from?

    secunia.org

    There is your linky...

    Hell, at least you get PAID for being a MS fanboi.

    --
    NO SIG
  8. Re:pwned by alexborges · · Score: 1, Troll

    No no, not run-of-the-mill: ive hated microsoft for a big while and still find it very, very fun to let people know how this company could'nt care less for the security of their customer's information.

    I like to talk about it specially since MS has contracted some good PR firms to come into slashdot to attempt some trolling that is always easy to spot.

    --
    NO SIG