Slashdot Mirror

← Back to Stories (view on slashdot.org)

5-Year-Old Linux Kernel Bug Fixed

Posted by Soulskill on from the must-have-been-union dept.

rastos1 sends in a report about a significant bug fix for the Linux kernel (CVE-2014-0196). "'The memory-corruption vulnerability, which was introduced in version 2.6.31-rc3, released no later than 2009, allows unprivileged users to crash or execute malicious code on vulnerable systems, according to the notes accompanying proof-of-concept code available here. The flaw resides in the n_tty_write function controlling the Linux pseudo tty device. 'This is the first serious privilege escalation vulnerability since the perf_events issue (CVE-2013-2049) in April 2013 that is potentially reliably exploitable, is not architecture or configuration dependent, and affects a wide range of Linux kernels (since 2.6.31),' Dan Rosenberg, a senior security researcher at Azimuth Security, told Ars in an e-mail. 'A bug this serious only comes out once every couple years.' ... While the vulnerability can be exploited only by someone with an existing account, the requirement may not be hard to satisfy in hosting facilities that provide shared servers, Rosenberg said."

8 of 127 comments (clear)

  1. This is the problem with Linux Security by metrix007 · · Score: 3, Insightful

    Linux and Greg K-H have both gone on record saying that security issues are just another type of bug, and don't deserve any type of special treatment.

    This is crap. A bug that allows remote code execution or even a DoS is a much, much bigger issues than fixing the user experience or minor stability issues.

    When you don't assign the significant to security issues that they deserve, they go unpatched for 5 years.

    It's kind of a concern.

    --
    If you ignore ACs because they are anonymous - you're an idiot.
    1. Re:This is the problem with Linux Security by waddgodd · · Score: 1, Insightful

      Well, in a normal situation, I'd say yes, but Linux's response to all bugs is similar, patch it as soon as there's a good patch. Now if it were a certain company in Redmond that scales its response based on customer "value", yeah, security bugs had best get fast-tracked. I honestly prefer the "fix all bugs and don't embargo fixes" response that linux does to the "when we discover bugs (heartbleed), we'll let the Cool Kids in on it first and then release it weeks later to the average user" response that Google does

      --
      Just because you're paranoid doesn't mean they aren't out to get you
    2. Re:This is the problem with Linux Security by Microlith · · Score: 3, Insightful

      It's already trivial to do that. What would "clearly marking them as security vulnerabilities" gain?

    3. Re:This is the problem with Linux Security by Bryan+Ischo · · Score: 4, Insightful

      Taking off-topic potshots against FOSS in response to a misinformed post which incorrectly describes the date of the bug report in response to a post which inaccurately maligns the attitude of kernel developers towards security bugs?

      For fuck's sake, we're three levels deep in FUD here. Someone throw me a rope so I can pull myself out of this quagmire of bullshit.

  2. This is the problem with Windows Security by Anonymous Coward · · Score: 1, Insightful

    count the # of remote exploits patches in each version of Windows and how many years between patches where the OS was vulnerable.

    1. Re:This is the problem with Windows Security by Anonymous Coward · · Score: 0, Insightful

      count the # of remote exploits patches in each version of Windows and how many years between patches where the OS was vulnerable.

      Yep, standard response of the Linux zealot: Problem with Linux? Point out a problem in Windows!
      Great way to handle it bud!

    2. Re:This is the problem with Windows Security by Anonymous Coward · · Score: 0, Insightful

      Ah yes, a bug for the Linux kernel shows up and a coward uses Windows as a benchmark. Nice job. it may not be good dog food, but at least it is better than Windows.

  3. Re:OpenBSD time... by vux984 · · Score: 1, Insightful

    Compared to Hartbleed and this, I don't know of any of similar critical level and impact.

    Any remotely exploitable bug that allows for remote code execution / priviledge escalation without user interaction is just as bad or worse.

    After all, heartbleed was "just" a remotely exploitable memory "leak"; but if you have remote code execution, you can scan the memory and send home anything interesting; to the same effect as heartbleed, plus anything else you might want to do once you are running on the system.

    Windows XP early on (until SP1 or 2?) was remotely exploitable in this way as I recall. And there have been other exploits just as bad over the years.

    Heartbleed was a big deal but its not singularly bad. There's been others before it.