Linux Local kernel vulnerability



SANS has a story on another local kernel vulnerability for linux. I’ve got to say that I typically haven’t looked as much at “local” vulnerabilities on this site as I have talked about remote vulnerabilities. Usually local vulnerabilities are flaws that allow a user that’s already logged into a system to escalate their user rights to control the system. So, IF you allow logins for various users, you definitely need to pay attention to local vulnerabilities.


This is essentially the same type of flaw that was used in the Debian development server compromise from what I can gather. A developer had a weak password and that was either broken or guessed (or discovered) by someone…. that “someone” logged in and found that there were some interesting possibilities to get greater access to the machine.

This vulnerability seems to be in the current kernel release, although SELinux seems to block the exploit – soooooo…. Linuxi that employ SELinux should be less at risk.

Related Posts

Blog Traffic Exchange Related Posts
  • Linux Kernel ptrace local DoS vulnerability There's a local Denial of Service vulnerability in the linux kernel's ptrace function according to secunia.com. It reportedly is present in kernel's prior to 2.6.14.2 and is listed as a non-critical vulnerability. (However any security vulnerability should be treated seriously.) 2.6.14.2 is safe and fixes the vulnerability. The vuln was......
  • Cross browser javascript vulnerability It sounds like this vulnerability would take a great deal of user interaction, but cio-today is reporting on a browser vulnerability that affects pretty much every javascript enabled browser. According to Symantec .... "This issue is triggered by utilizing JavaScript 'OnKeyDown' events to capture and duplicate keystrokes from users," and......
  • Microsoft was aware of the WMF vulnerability "for years" Bugtraq has an interesting post which picks up on a note in Stephen Toulouse's latest entry on the WMF vulnerability. When I first read the post I was more interested in the way he was responding to allegations of the flaw being an intentional backdoor, but the above bugtraq post......
Blog Traffic Exchange Related Websites
  • Zopa US is Dead I hope you really like to hear about peer-to-peer lending news. Earlier today, I wrote about how Lending Club opened for business again and just before Prosper died (not in the traditional sense, just closed it's doors for a potentially "several months" while it passes a few steps with the......
  • Shopping at a Perfume Outlet Your local mall probably has at least one perfume outlet. You can find these stores sometimes in strip malls, kiosks and even online. But is it a good idea to shop at a perfume outlet, or are you getting an inferior product for the smaller price tag? A perfume outlet......
  • iPhone Jailbreaking: Security Concern or Not? Charlie Miller of Tipb.com stated, “Turns out that if you jailbreak your iPhone you remove most of the Apple’s security protections — 80% to be exact — and are vulnerable to attacks.” That statement seems to resonate across the cell phone app community when discussing the adverse effects of......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site