Slashdot Mirror

← Back to Stories (view on slashdot.org)

Linux X.org Critical Security Flaw Silently Patched

Posted by CmdrTaco on from the pay-no-attention dept.

eldavojohn writes "On June 17th, the X.org team was notified by Invisible Things Lab of a critical security flaw (PDF) that affected both x86_32 and x86_64 platforms. The flaw deals with escalated privileges of a user process that has access to the X server. The founder of ITL said of the flaw, 'The attack allows a (unpriviliged) user process that has access to the X server (so, any GUI application) to unconditionally escalate to root (but again, it doesn't take advantage of any bug in the X server!). In other words: any GUI application (think e.g. sandboxed PDF viewer), if compromised (e.g. via malicious PDF document) can bypass all the Linux fancy security mechanisms, and escalate to root, and compromise the whole system.' This has apparently been a security flaw since kernel 2.6 was released. From the article, 'On 13 August, Linus Torvalds committed an initial fix, but several patches were added afterward for various reasons. The problem has been addressed in versions 2.6.27.52, 2.6.32.19, 2.6.34.4 and 2.6.35.2 of the kernel.'"

7 of 259 comments (clear)

  1. Convenient by rotide · · Score: 5, Funny

    So, I'm supposed to click a link to read a PDF about a PDF flaw. You sly boots!

    1. Re:Convenient by blair1q · · Score: 2, Funny

      Just click the popup telling you that your PC is infected. That'll fix it.

    2. Re:Convenient by Abstrackt · · Score: 3, Funny

      Came here to post the same!

      Came here to post something completely different! (I just like the attention)

      --
      They say a little knowledge is a dangerous thing, but it's not one half so bad as a lot of ignorance. - Terry Pratchett
  2. Re:What I suggest to people by stagg · · Score: 5, Funny

    You do realize that Mac is built on a FreeBSD kernel?

    Macs can't be exploited. That's why people paid to get into the walled garden, it's safe in there. LA LA LA LA LA LA I CAN'T HEAR YOU.

  3. Re:What I suggest to people by DarkKnightRadick · · Score: 2, Funny

    pedant*

    Unless you are actually a piece of jewelery.

    --
    "There is a way that seems right to a man, but its end is the way of death." Proverbs 16:25 (NKJV)
  4. Take no chances by chrisdotwood · · Score: 1, Funny

    I would advise everyone to follow my lead and go back to Windows 98 to keep themselves safe

  5. Your posts are merely proving OP wrong. by Anonymous Coward · · Score: 1, Funny

    Your posts are merely proving OP wrong. Because Odies asked : "Do you honestly think that Microsoft would do nothing if there was a non-patched privilege escalation exploit in Windows?"

    You've counted 10.

    That would, by the way, be 10 WE KNOW ABOUT.
    Now, unless you have windows source and have tested it as thoroughly as devs tested X.Org code, you cannot say there are NO more vulnerabilities.

    But can you count how many there are?

    No.

    Therefore, since they can't be counted, what are they?

    Countless.