Critical Linux vulnerability imperils users, even after “silent” fix

For years, the Linux operating system has contained a high-severity vulnerability that gives untrusted users with restricted accounts nearly unfettered "root" access over machines, including servers running in shared Web hosting facilities and other sensitive environments. Surprisingly, most users remain wide open even now, more than a month after maintainers of the open-source OS quietly released an update that patched the gaping hole.

The severity of the bug, which resides in the Linux kernel's "perf," or performance counters subsystem, didn't become clear until Tuesday, when attack code exploiting the vulnerability became publicly available (note: some content on this site is not considered appropriate in many work environments). The new script can be used to take control of servers operated by many shared Web hosting providers, where dozens or hundreds of people have unprivileged accounts on the same machine.
