Linux kernel security vuln fixed
Linux users are urged to patch their systems following yesterday's disclosure of a serious security vulnerability in Linux kernel software.
The flaw stems from shortcomings in code used to control virtual memory (the mremap(2) system call)and can be exploited to run malicious code on vulnerable systems (as explained here).
Polish security outfit iSEC, which discovered the vuln, warns that "proper exploitation of this vulnerability may lead to local privilege escalation including execution of arbitrary code with kernel level access".
The flaw affects the 2.2, 2.4 and 2.6 series Linux kernel, according to iSEC. Even though exploiting the vulnerability is far from straightforward, proof-of-concept exploit code has been created for the 2.4 kernel.
Leading Linux distros such as SuSE and Red Hat patched the kernel software in their packages yesterday. Users are encouraged to patch vulnerable systems at their earliest convenience. ®