Language Selection

English French German Italian Portuguese Spanish

Bug in latest Linux gives untrusted users root access

Filed under
Linux
Security

A software developer has uncovered a bug in most versions of Linux that could allow untrusted users to gain complete control over the open-source operating system.

The null pointer dereference flaw was only fixed in the upcoming 2.6.32 release candidate of the Linux kernel, making virtually all production versions in use at the moment vulnerable. While attacks can be prevented by implementing a common feature known as mmap_min_addr, the RHEL distribution, short for Red Hat Enterprise Linux, doesn't properly implement that protection, Brad Spengler, who discovered the bug in mid October, told The Register.

What's more, many administrators are forced to disable the feature so their systems can run developer tools or desktop environments such as Wine.

The vulnerability was first reported by Spengler, a developer at grsecurity, a maker of applications that enhance the security of Linux. On October 22, he wrote a proof of concept attack for the local root exploit. Over the past few months, he has emerged as an outspoken critic of security practices followed by the team responsible for the Linux kernel.

Rest Here




More in Tux Machines

Leftovers: Software

today's howtos

Leftovers: Gaming

Pro tip: Find tons of open-source Android software with F-Droid

If you're looking for truly open-source software for the Android platform, you don't have to do a ton of searching or check through licenses from within the Google Play Store. All you have to do is download a simple tool called F-Droid. With this tool, you can download and install apps (from quite a large listing) as easily as you can from the Google Play Store. You won't, however, find F-Droid in the Google Play Store. Instead, you have to download the .apk file and install it manually. Once it's installed, the rest is just a matter of searching for an app and tapping to install. Read more