Linux Local kernel vulnerability



SANS has a story on another local kernel vulnerability for Linux. I’ve got to say that I typically haven’t looked as much at “local” vulnerabilities on this site as I have talked about remote vulnerabilities. Usually local vulnerabilities are flaws that allow a user who’s already logged into a system to escalate their user rights to control the system. So, IF you allow logins for various users, you definitely need to pay attention to local vulnerabilities.


This is essentially the same type of flaw that was used in the Debian development server compromise, from what I can gather. A developer had a weak password, and that was either broken or guessed (or discovered) by someone. That “someone” logged in and found that there were some interesting possibilities to get greater access to the machine.

This vulnerability seems to be in the current kernel release, although SELinux seems to block the exploit – soooooo…. Linuxi that employ SELinux should be less at risk.
