Linux Local kernel vulnerability



SANS has a story on another local kernel vulnerability for linux. I’ve got to say that I typically haven’t looked as much at “local” vulnerabilities on this site as I have talked about remote vulnerabilities. Usually local vulnerabilities are flaws that allow a user that’s already logged into a system to escalate their user rights to control the system. So, IF you allow logins for various users, you definitely need to pay attention to local vulnerabilities.


This is essentially the same type of flaw that was used in the Debian development server compromise from what I can gather. A developer had a weak password and that was either broken or guessed (or discovered) by someone…. that “someone” logged in and found that there were some interesting possibilities to get greater access to the machine.

This vulnerability seems to be in the current kernel release, although SELinux seems to block the exploit – soooooo…. Linuxi that employ SELinux should be less at risk.

Related Posts

Blog Traffic Exchange Related Posts
  • Linux Kernel ptrace local DoS vulnerability There's a local Denial of Service vulnerability in the linux kernel's ptrace function according to secunia.com. It reportedly is present in kernel's prior to 2.6.14.2 and is listed as a non-critical vulnerability. (However any security vulnerability should be treated seriously.) 2.6.14.2 is safe and fixes the vulnerability. The vuln was......
  • Debian development server compromise Sans also brings this story about the Debian development server being compromised. Investigation is ongoing. The machine was gluck.debian.org and hosted CVS among other things (ddtp, lintian, people, popcon, planet, ports, release). It has been taken offline currently for a reinstall, other systems have been locked down until they can......
  • Mac Wireless driver Security vulnerability revisited A couple weeks ago the hot story was about the demonstration of a vulnerability in a 3rd party wireless card driver on a Mac. The individuals that demonstrated the vulnerability (in a video taped presentation) also claimed that many wireless drivers were vulnerable to this same flaw and it included......
Blog Traffic Exchange Related Websites
  • Zopa US is Dead I hope you really like to hear about peer-to-peer lending news. Earlier today, I wrote about how Lending Club opened for business again and just before Prosper died (not in the traditional sense, just closed it's doors for a potentially "several months" while it passes a few steps with the......
  • Most Popular and Useful Security Apps for a Smart Phone The following is a post from staff writer Crystal at Budgeting in the Fun Stuff, where she writes about finding the balance between paying your bills, saving for your future, and budgeting in the fun stuff along the way. Buying a smart phone is a major investment because you spend......
  • Gmail Exploit May Lead to Domain Hijacking Hii all Gmail users/lovers, A Gmail security vulnerability may allow an attacker to set up filters on users' e-mail accounts without their knowledge, according to a proof of concept posted Sunday at GeekCondition.com. In his post, Brandon writes that the vulnerability has caused some people to lose their domain names......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site