Forgot your password?
typodupeerror
Bug Open Source Operating Systems Security Linux

5-Year-Old Linux Kernel Bug Fixed 127

Posted by Soulskill
from the must-have-been-union dept.
rastos1 sends in a report about a significant bug fix for the Linux kernel (CVE-2014-0196). "'The memory-corruption vulnerability, which was introduced in version 2.6.31-rc3, released no later than 2009, allows unprivileged users to crash or execute malicious code on vulnerable systems, according to the notes accompanying proof-of-concept code available here. The flaw resides in the n_tty_write function controlling the Linux pseudo tty device. 'This is the first serious privilege escalation vulnerability since the perf_events issue (CVE-2013-2049) in April 2013 that is potentially reliably exploitable, is not architecture or configuration dependent, and affects a wide range of Linux kernels (since 2.6.31),' Dan Rosenberg, a senior security researcher at Azimuth Security, told Ars in an e-mail. 'A bug this serious only comes out once every couple years.' ... While the vulnerability can be exploited only by someone with an existing account, the requirement may not be hard to satisfy in hosting facilities that provide shared servers, Rosenberg said."
This discussion has been archived. No new comments can be posted.

5-Year-Old Linux Kernel Bug Fixed

Comments Filter:

"The hottest places in Hell are reserved for those who, in times of moral crisis, preserved their neutrality." -- Dante

Working...