Slashdot Mirror


Root Privileges Through Linux Kernel Bug

Lars T. writes "The H has a story about a Linux kernel bug that allows root level access. 'According to a report written by Rafal Wojtczuk (PDF), a conceptual problem in the memory management area of Linux allows local attackers to execute code at root level. The Linux issue is caused by potential overlaps between the memory areas of the stack and shared memory segments.' SUSE maintainer Andrea Arcangeli provided a fix for the problem in September 2004, but for unknown reasons this fix was not included in the Linux kernel. The bug is not related to the X Server bug found by Brad Spengler." As the linked article notes: "SUSE itself has the fix and SUSE Linux Enterprise 9, 10 and 11 as well as openSUSE 11.1 through 11.3 do not exhibit this vulnerability."

6 of 131 comments (clear)

  1. Re:Linux! "It just works!" by nomadic · · Score: 5, Funny

    Indeed, 5 years old and no exploit. Patched several years ago by the distros. The question is why didn't it get back into the kernel tree.

    Why not ask the kernel developers? Nah, I'm not just joking, don't ask those nutjobs anything, they'll just freak out and start yelling at you.

  2. Re:Nothing to see here.... by Beelzebud · · Score: 3, Funny

    "Nothing to see here....." says Lt. Frank Drebin, as the fireworks factory behind him burns to the ground.

  3. Re:ZOMG!!! by GameboyRMH · · Score: 4, Funny

    Cut the guy a break, he's a Windows fanboy. He probably thinks a local user is just anyone in the same geographic region.

    --
    "When information is power, privacy is freedom" - Jah-Wren Ryel
  4. Re:Nothing to see here.... by Warll · · Score: 4, Funny

    He's right, real men don't look at explosions.

  5. Re:Tuesday by Gadget_Guy · · Score: 4, Funny

    At least we don't have to wait for four Tuesdays' time for the fix...

    No, we had to wait over 300 Tuesdays for the fix to the kernal. That's 75 times better!

  6. Obligatory... by Pete+Venkman · · Score: 4, Funny

    This won't be a problem for me since I don't run Linux.

    Now the shoe's on the other foot!