
Bug in latest Linux gives untrusted users root access


A software developer has uncovered a bug in most versions of Linux that could allow untrusted users to gain complete control over the open-source operating system.

The null pointer dereference flaw was only fixed in the upcoming 2.6.32 release candidate of the Linux kernel, making virtually all production versions in use at the moment vulnerable. While attacks can be prevented by implementing a common feature known as mmap_min_addr, Red Hat Enterprise Linux (RHEL) doesn't properly implement that protection, Brad Spengler, who discovered the bug in mid-October, told The Register.

What's more, many administrators are forced to disable the feature so their systems can run developer tools or desktop environments such as Wine.
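A defender's check for the setting named above, as an added example that is not from the article or from Spengler: it reports the running kernel's vm.mmap_min_addr and the last value assigned in the sysctl files, so a host where the protection was zeroed for Wine or similar tools stands out. The function names and the choice of scanned files (/etc/sysctl.d/*.conf, then /etc/sysctl.conf) are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit vm.mmap_min_addr, the protection named in the article.

# Print the last vm.mmap_min_addr value assigned in the given sysctl files
# (later files and lines override earlier ones). Prints nothing if unset.
configured_mmap_min_addr() {
    for f in "$@"; do
        if [ -r "$f" ]; then cat "$f"; echo; fi
    done | awk '
        /^[ \t]*[#;]/ { next }                   # comment lines
        {
            line = $0
            sub(/^[ \t]*-?[ \t]*/, "", line)     # indentation, optional "-" prefix
            n = index(line, "=")
            if (n == 0) next
            key = substr(line, 1, n - 1); val = substr(line, n + 1)
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            gsub("/", ".", key)                  # vm/mmap_min_addr is the same key
            if (key == "vm.mmap_min_addr") last = val
        }
        END { if (last != "") print last }'
}

# Classify a value: "disabled" when it is 0 (unprivileged processes may map
# page zero), "enabled" for any other decimal number, "invalid" otherwise.
classify_mmap_min_addr() {
    case "$1" in
        ''|*[!0-9]*) echo "invalid"; return 0 ;;
    esac
    if [ "$1" -eq 0 ]; then echo "disabled"; else echo "enabled"; fi
}

# Compare the live kernel value with what the scanned files set at boot.
# Assumption: only /etc/sysctl.d/*.conf and /etc/sysctl.conf are scanned.
audit_host() {
    live=$(cat /proc/sys/vm/mmap_min_addr)
    conf=$(configured_mmap_min_addr /etc/sysctl.d/*.conf /etc/sysctl.conf)
    echo "running kernel: $live ($(classify_mmap_min_addr "$live"))"
    echo "configured:     ${conf:-not set in the scanned files}"
}

# Run the audit only where the kernel exposes the setting.
if [ -r /proc/sys/vm/mmap_min_addr ]; then
    audit_host
fi
```

A "disabled" result on the running kernel, or a configured value of 0, marks a host that depends entirely on the kernel fix for this class of bug.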

The vulnerability was first reported by Spengler, a developer at grsecurity, a maker of applications that enhance the security of Linux. On October 22, he wrote a proof of concept attack for the local root exploit. Over the past few months, he has emerged as an outspoken critic of security practices followed by the team responsible for the Linux kernel.
