Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hole In Linux Kernel Provides Root Rights

Posted by Soulskill on from the everything-old-is-new-again dept.

oztiks writes with this excerpt from The H: "A vulnerability in the 32-bit compatibility mode of the current Linux kernel (and previous versions) for 64-bit systems can be exploited to escalate privileges. For instance, attackers can break into a system and exploit a hole in the web server to get complete root (also known as superuser) rights or permissions for a victim's system. According to a report, the problem occurs because the 32-bit call emulation layer does not check whether the call is truly in the Syscall table. Ben Hawkes, who discovered the problem, says the vulnerability can be exploited to execute arbitrary code with kernel rights. ... Hawkes says the vulnerability was discovered and remedied back in 2007, but at some point in 2008 kernel developers apparently removed the patch, reintroducing the vulnerability. The older exploit apparently only needed slight modifications to work with the new hole."

5 of 274 comments (clear)

  1. Re:Serve them right by Anonymous Coward · · Score: 0, Offtopic

    Those of us in the know think you are referring to a UNIX breed...not Linux which was i386...

  2. Doesn't work by 93+Escort+Wagon · · Score: 0, Offtopic

    For instance, attackers can break into a system and exploit a hole in the web server to get complete root (also known as superuser) rights or permissions for a victim's system.

    Something must be wrong with my Linux - this "superuser" account doesn't appear to exist.


    $ su - superuser
    su: user superuser does not exist
    $

    --
    #DeleteChrome
    1. Re:Doesn't work by Runaway1956 · · Score: 0, Offtopic

      Don't you have to create the account if the installer forgets it? That's what I do on all my machines! /end offtopic bullshit response here

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
  3. Re:Perhap the kernel's size is becoming too unweil by Lumbre · · Score: 1, Offtopic

    I mean this is what, the third 'reverted' security patch we've heard about in the recent past that needed replacement?

    In other news, direct from Windows Update: "A security issue has been identified that could allow an authenticated remote attacker to compromise your system and gain control over it." x10 "A security issue has been identified that could allow an unauthenticated remote attacker to compromise your system and gain control over it." x5 and other misc. vulnerabilities =)

  4. Re:Patch by fnj · · Score: 0, Offtopic

    Patch contains an even worse vulnerability. It renders your system a piece of crap.