
Bug in latest Linux gives untrusted users root access


A software developer has uncovered a bug in most versions of Linux that could allow untrusted users to gain complete control over the open-source operating system.

The null pointer dereference flaw was only fixed in the upcoming 2.6.32 release candidate of the Linux kernel, making virtually all production versions in use at the moment vulnerable. While attacks can be prevented by implementing a common feature known as mmap_min_addr, Red Hat Enterprise Linux (RHEL) doesn't properly implement that protection, Brad Spengler, who discovered the bug in mid-October, told The Register.

What's more, many administrators are forced to disable the feature so their systems can run developer tools or desktop environments such as Wine.

The vulnerability was first reported by Spengler, a developer at grsecurity, a maker of applications that enhance the security of Linux. On October 22, he wrote a proof-of-concept attack for the local root exploit. Over the past few months, he has emerged as an outspoken critic of security practices followed by the team responsible for the Linux kernel.
