Slashdot Mirror

← Back to Stories (view on slashdot.org)

Root Privileges Through Linux Kernel Bug

Posted by timothy on from the who-needs-windows? dept.

Lars T. writes "The H has a story about a Linux kernel bug that allows root level access. 'According to a report written by Rafal Wojtczuk (PDF), a conceptual problem in the memory management area of Linux allows local attackers to execute code at root level. The Linux issue is caused by potential overlaps between the memory areas of the stack and shared memory segments.' SUSE maintainer Andrea Arcangeli provided a fix for the problem in September 2004, but for unknown reasons this fix was not included in the Linux kernel. The bug is not related to the X Server bug found by Brad Spengler." As the linked article notes: "SUSE itself has the fix and SUSE Linux Enterprise 9, 10 and 11 as well as openSUSE 11.1 through 11.3 do not exhibit this vulnerability."

9 of 131 comments (clear)

  1. Wait... what? by Dumnezeu · · Score: 0, Troll

    I don't understand TFH / TFS / TFA. Are we talking about local privilege escalation by overwriting the memory space owned by processes running as root?

    --
    Yes, it's sarcasm. Deal with it!
  2. Re:Linux! "It just works!" by nizo · · Score: 1, Troll

    I wonder how many bugs like this are lurking in closed source products, just waiting to be discovered and exploited?

    --
    I Am My Own Worst Enemy
  3. Re:Unrelated? The PDFs are the same! by Anonymous Coward · · Score: 0, Troll
    Not really.

    Microsoft marketing's pissed that Slashdot is discussing 40 currently exploitable Windows vulnerabilities, so they've paid the Slashdot shills to dupe the Linux vuln at least 40 times.

    And, you might note they're STILL discussing Linux in the Windows thread....

  4. Re:Long live to SUSE??? by Inner_Child · · Score: 1, Troll

    Then why wasn't the patch submitted to mainline six years ago? Or if it was, why did it take so long to get accepted?

    --
    Today is red jello day - all workers must eat all of their red jello. Failure to comply will result in five demerits.
  5. The Beauty of Open by amiga3D · · Score: 1, Troll

    Amazing that SUSE fixed this in it's distro. In the proprietary world they'd still be waiting for the OS maker to fix it. SUSE just fixed it themselves. Many windows bugs could have been fixed but yet remained waiting for years until MS got around to it.

  6. Re:Nothing to see here.... by h4rr4r · · Score: 0, Troll

    Why is X on a server?

    Sounds like something a windows user/sysadmin would do.

  7. Re:Nothing to see here.... by _Sprocket_ · · Score: 1, Troll

    Because if you don't have a flashy screensaver going, all the black will cause the damn Windows sysadmin to think that port of the KVM is unused and he can swipe it for another box.

  8. Re:Nothing to see here.... by Americano · · Score: 0, Troll

    You see, in the real world, not everything is as pretty as your MS project plan.

    Somebody using the term "managing task dependencies," comparing a sysadmin to a Dilbert-style PHB? That's fucking rich.

  9. Re:ZOMG!!! by LingNoi · · Score: 0, Troll

    And just 4 days after you posted this, this happens.. Windows DLL Vulnerability Exploit In the Wild. The best part being, the linux security bug got fixed already, whereas the windows exploit is already out there on machines and makes 1000s of windows apps insecure.

    Just enough time for me to come back and gloat. Linux 1, Windows 0.