Root Privileges Through Linux Kernel Bug

Posted by timothy on Thursday August 19, 2010 @09:39AM from the who-needs-windows? dept.

Lars T. writes "The H has a story about a Linux kernel bug that allows root level access. 'According to a report written by Rafal Wojtczuk (PDF), a conceptual problem in the memory management area of Linux allows local attackers to execute code at root level. The Linux issue is caused by potential overlaps between the memory areas of the stack and shared memory segments.' SUSE maintainer Andrea Arcangeli provided a fix for the problem in September 2004, but for unknown reasons this fix was not included in the Linux kernel. The bug is not related to the X Server bug found by Brad Spengler." As the linked article notes: "SUSE itself has the fix and SUSE Linux Enterprise 9, 10 and 11 as well as openSUSE 11.1 through 11.3 do not exhibit this vulnerability."

2 of 131 comments (clear)

Min score:

Reason:

Sort:

Re:Unrelated? The PDFs are the same! by lortho · 2010-08-19 10:13 · Score: 5, Informative

It's because both articles are actually about the Wojtczuk report, and they both mis-quote Joanna Rutkowska as stating the bug is related to Spengler's X-Server flaw. She clarifies in an update to H-Online's version of the article that she was misunderstood and that they are actually unrelated.
Re:Long live to SUSE??? by alanebro · 2010-08-19 11:09 · Score: 5, Informative

Cut my post too short.

"SUSE maintainer Andrea Arcangeli provided a fix for the problem in September 2004, but for unknown reasons this fix was not included in the Linux kernel"