Root Privileges Through Linux Kernel Bug
Lars T. writes "The H has a story about a Linux kernel bug that allows root level access. 'According to a report written by Rafal Wojtczuk (PDF), a conceptual problem in the memory management area of Linux allows local attackers to execute code at root level. The Linux issue is caused by potential overlaps between the memory areas of the stack and shared memory segments.' SUSE maintainer Andrea Arcangeli provided a fix for the problem in September 2004, but for unknown reasons this fix was not included in the Linux kernel. The bug is not related to the X Server bug found by Brad Spengler."
As the linked article notes: "SUSE itself has the fix and SUSE Linux Enterprise 9, 10 and 11 as well as openSUSE 11.1 through 11.3 do not exhibit this vulnerability."
So, is he trying to say that only SUSE is protected, and bug free, and hack free, and... what is the reason to not have this fix in the main kernel tree? For me, it sounds like some very nasty and dirty war.
I don't understand TFH / TFS / TFA. Are we talking about local privilege escalation by overwriting the memory space owned by processes running as root?
Yes, it's sarcasm. Deal with it!
I wonder how many bugs like this are lurking in closed source products, just waiting to be discovered and exploited?
I Am My Own Worst Enemy
Microsoft marketing's pissed that Slashdot is discussing 40 currently exploitable Windows vulnerabilities, so they've paid the Slashdot shills to dupe the Linux vuln at least 40 times.
And, you might note they're STILL discussing Linux in the Windows thread....
These bugs are further proof of Linux's underlying homosexuality. If the developers weren't so busy taking turns tea-bagging each other, the bugs would have been fixed sooner or never been there in the first place. It just goes to show what you get from a bunch of queers writing software. Using Linux will make you gay. That's the real reason Linux is given away for free.
Not really, look at SuSE management after Novell has taken over, and their support to end customers. Let's talk after that.
Windows is so unsafe!! Linux is so much better. Micro$oft is evil...their software is buggy. Linux is teh best eva. Linux + firefox is for real users. Windows and IE are for people who want to get hacked!!!!
ZOMG!!!! Windows is so lame!! Linux is teh best eva made and is so uber smart to use!!!
Amazing that SUSE fixed this in its distro. In the proprietary world they'd still be waiting for the OS maker to fix it. SUSE just fixed it themselves. Many Windows bugs could have been fixed but yet remained waiting for years until MS got around to it.
Why is X on a server?
Sounds like something a Windows user/sysadmin would do.
Because if you don't have a flashy screensaver going, all the black will cause the damn Windows sysadmin to think that port of the KVM is unused and he can swipe it for another box.
You see, in the real world, not everything is as pretty as your MS project plan.
Somebody using the term "managing task dependencies," comparing a sysadmin to a Dilbert-style PHB? That's fucking rich.