Linux kernel vuln reloaded
PrintEscalation of privileges
Posted in Security, 8th March 2004 20:51 GMT
Free whitepaper – Optimizing the data center for cost and efficiency
Security researchers have discovered a potentially serious security vulnerability within a Linux kernel memory management module.
The vulnerability is not remotely executable but it does allow privilege escalation. A hacker who obtains access to a local PC could be able to root a box.
At fault is a bug with the mremap(2) system sub-process, which was subject to an unrelated (but also significant) security problem a few weeks ago.
At risk this time around are versions of the Linux kernel from 2.2 up to and including 2.2.25; 2.4 up to and including 2.4.24; 2.6 up to and including 2.6.2.
Exploitation of the latest flaw is straightforward, according to Polish white hat hackers iSec, which unearthed both problems. But don't get too alarmed - there's no evidence that the vuln has been used in anger.
Users should patch all vulnerable systems as soon as appropriate vendor patches are released. Debian, for example, put out an update on the same day as iSec's advisory on Saturday (6 March). ®
Related Stories
Linux kernel security vuln fixed
Linux kernel backdoor blocked
Linux worm attempts to take over insecure servers
Free whitepaper – Power distribution systems for the Dell PowerEdge M1000e Modular Server Enclosure
Analyst Keynote: The Register Agile Data Center Summit
What Exchange can't do - and Dell can
Analyst Keynote: The Register Agile Data Center Summit
Enabling the Agile Data Center
Breaching Fort Apache.org - What went wrong?
Snow Leopard security - The good, the bad and the missing
US Dems fill inboxes with 419 scams
BlockMaster SafeStick hardware-encrypted USB drive