Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Bug Open Source Operating Systems Security Linux

5-Year-Old Linux Kernel Bug Fixed 127 127

rastos1 sends in a report about a significant bug fix for the Linux kernel (CVE-2014-0196). "'The memory-corruption vulnerability, which was introduced in version 2.6.31-rc3, released no later than 2009, allows unprivileged users to crash or execute malicious code on vulnerable systems, according to the notes accompanying proof-of-concept code available here. The flaw resides in the n_tty_write function controlling the Linux pseudo tty device. 'This is the first serious privilege escalation vulnerability since the perf_events issue (CVE-2013-2049) in April 2013 that is potentially reliably exploitable, is not architecture or configuration dependent, and affects a wide range of Linux kernels (since 2.6.31),' Dan Rosenberg, a senior security researcher at Azimuth Security, told Ars in an e-mail. 'A bug this serious only comes out once every couple years.' ... While the vulnerability can be exploited only by someone with an existing account, the requirement may not be hard to satisfy in hosting facilities that provide shared servers, Rosenberg said."
This discussion has been archived. No new comments can be posted.

5-Year-Old Linux Kernel Bug Fixed

Comments Filter:

"Why waste negative entropy on comments, when you could use the same entropy to create bugs instead?" -- Steve Elias

Working...