Linux kernel security vuln fixed
Get patching
Posted in Security, 6th January 2004 16:03 GMT
Linux users are urged to patch their systems following yesterday's disclosure of a serious security vulnerability in Linux kernel software.
The flaw stems from shortcomings in code used to control virtual memory (the mremap(2) system call) and can be exploited to run malicious code on vulnerable systems (as explained here).
Polish security outfit iSEC, which discovered the vuln, warns that "proper exploitation of this vulnerability may lead to local privilege escalation including execution of arbitrary code with kernel level access".
The flaw affects the 2.2, 2.4 and 2.6 series Linux kernel, according to iSEC. Even though exploiting the vulnerability is far from straightforward, proof-of-concept exploit code has been created for the 2.4 kernel.
Leading Linux distros such as SuSE and Red Hat patched the kernel software in their packages yesterday. Users are encouraged to patch vulnerable systems at their earliest convenience. ®
External Links
Linux kernel privilege escalation vulnerability advisory from iSEC