Slashdot Mirror

← Back to Stories (view on slashdot.org)

Root Privileges Through Linux Kernel Bug

Posted by timothy on from the who-needs-windows? dept.

Lars T. writes "The H has a story about a Linux kernel bug that allows root level access. 'According to a report written by Rafal Wojtczuk (PDF), a conceptual problem in the memory management area of Linux allows local attackers to execute code at root level. The Linux issue is caused by potential overlaps between the memory areas of the stack and shared memory segments.' SUSE maintainer Andrea Arcangeli provided a fix for the problem in September 2004, but for unknown reasons this fix was not included in the Linux kernel. The bug is not related to the X Server bug found by Brad Spengler." As the linked article notes: "SUSE itself has the fix and SUSE Linux Enterprise 9, 10 and 11 as well as openSUSE 11.1 through 11.3 do not exhibit this vulnerability."

4 of 131 comments (clear)

  1. Re:Linux! "It just works!" by nizo · · Score: 1, Troll

    I wonder how many bugs like this are lurking in closed source products, just waiting to be discovered and exploited?

    --
    I Am My Own Worst Enemy
  2. Re:Long live to SUSE??? by Inner_Child · · Score: 1, Troll

    Then why wasn't the patch submitted to mainline six years ago? Or if it was, why did it take so long to get accepted?

    --
    Today is red jello day - all workers must eat all of their red jello. Failure to comply will result in five demerits.
  3. The Beauty of Open by amiga3D · · Score: 1, Troll

    Amazing that SUSE fixed this in it's distro. In the proprietary world they'd still be waiting for the OS maker to fix it. SUSE just fixed it themselves. Many windows bugs could have been fixed but yet remained waiting for years until MS got around to it.

  4. Re:Nothing to see here.... by _Sprocket_ · · Score: 1, Troll

    Because if you don't have a flashy screensaver going, all the black will cause the damn Windows sysadmin to think that port of the KVM is unused and he can swipe it for another box.