Language Selection

English French German Italian Portuguese Spanish

Two Vulnerabilities Provide Root Access on Linux

Filed under
Linux
Security

Two new vulnerabilities affecting Linux were uncovered this week that could potentially be used by malicious hackers to gain root privileges.

One vulnerability, which was reported on Tuesday by security firm VSR, arises from a flaw in the implementation of the Reliable Datagram Sockets protocol (RDS) in versions 2.6.30 through 2.6.36-rc8 of the Linux kernel.

Known as CVE-2010-3904, the bug could allow a local attacker to issue specially crafted socket function calls to write arbitrary values into kernel memory and thereby escalate privileges to root, giving the attacker "superuser," administrator status.

rest here




Linux Kernel Update

pcworld.com: A new update to the Linux kernel adds a raft of security features, driver support, and other enhancements without increasing the overall size of the kernel at all.

That's a rarity, given that enhancements in each update have tended over the years to increase the kernel's size. This time around, though, there are a number of improvements that will be visible to users, but without any extra mass.

It won't be long before this new kernel is integrated into most popular Linux distributions. Here are some of the highlights of what users can expect.

Beefed Up Security

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

4MLinux Rescue Edition 10.1 Beta Helps Users with Data Recovery

4MLinux Rescue Edition, a special distribution that includes a wide set of system maintenance and recovery applications, has advanced to version 10.1 Beta and is now ready for testing. Read more

Watch a working Project Ara prototype demonstrated ahead of Spiral 2 reveal

The engineers behind Project Ara are trying to make the last smartphone you'll ever need. Their design for a modular device has users slotting components — a camera, extra storage space, a Wi-Fi connector — into their phones, as and when they need them. It's an ambitious scheme, but engineers working at NK Labs in Boston have already produced a working prototype, which they showed off to modular smartphone evangelist Dave Hakkens during a recent visit. Read more

Interview with Jessica Tallon of PyPump

There are several interesting projects out there which use PyPump. With my day job as a GNU MediaGoblin developer, we're going to be using it as a way of communicating between servers as a part of our federation effort. A great use I've seen is PumpMigrate, which will migrate one pump.io account to another. Another little utility that I wrote over the course of a weekend is p, which was made to be an easy way of making a quick post, bulk uploading photos, or anything you can script with the shell. Read more

Black Lab Education Desktop 6.0.1 to Be Supported Until 2022

There are numerous Linux distributions that are oriented towards education, but you can never have too many in a domain such as this one. It's based on the Black Lab Professional Desktop, which is a very good and powerful solution. Interestingly enough, Black Lab Linux is actually based on Ubuntu, and the latest one uses the 14.04.1 base (Trusty Tahr). Just like the base that is used for this distribution, the desktop environment used is GNOME 3, but with a few extensions to make it somewhat different from the stock version and to provide users with better functionality. One of the most interesting aspects of this operating system is the fact that it has a very long support period, which, in theory, it should end in 2022. Read more