Root Privileges Through Linux Kernel Bug 131
Lars T. writes "The H has a story about a Linux kernel bug that allows root level access. 'According to a report written by Rafal Wojtczuk (PDF), a conceptual problem in the memory management area of Linux allows local attackers to execute code at root level. The Linux issue is caused by potential overlaps between the memory areas of the stack and shared memory segments.' SUSE maintainer Andrea Arcangeli provided a fix for the problem in September 2004, but for unknown reasons this fix was not included in the Linux kernel. The bug is not related to the X Server bug found by Brad Spengler."
As the linked article notes: "SUSE itself has the fix and SUSE Linux Enterprise 9, 10 and 11 as well as openSUSE 11.1 through 11.3 do not exhibit this vulnerability."
Re:Unrelated? The PDFs are the same! (Score:3, Funny)
How can the two bugs be unrelated? both articles have the exact same link to the exact same PDF! (Hint: the pdf's filename is xorg-large-memory-attacks.pdf on both).
The identical links are caused by another bug called PEBKAC.
Re:Linux! "It just works!" (Score:5, Funny)
Why not ask the kernel developers? Nah, I'm not just joking, don't ask those nutjobs anything, they'll just freak out and start yelling at you.
Re:Nothing to see here.... (Score:4, Funny)
Re:Nothing to see here.... (Score:2, Funny)
Here at Linux Vintners, we will commit no bug fix before its time.
This properly aged bug fix boasts an intense, highly indented C syntax and fragrant blackberry, vanilla, and dark chocolate comment style with just a hint of peppercorns. Richly textured and firmly structured, its lavish blackberry, ripe black plum, dark cherry and spice flavors are enlivened by crisp lint-warning-free compilations. Given its superb balance of fruit, oak, acid and tannin, this sumptuous contextual patch aged beautifully for 6 years, and is now ready to be enjoyed with 2.6 kernels on every platform.
Tuesday (Score:2, Funny)
You're holding it wrong.
Re:ZOMG!!! (Score:5, Funny)
Cut the guy a break, he's a Windows fanboy. He probably thinks a local user is just anyone in the same geographic region.
Re:Nothing to see here.... (Score:5, Funny)
Re:Tuesday (Score:5, Funny)
At least we don't have to wait for four Tuesdays' time for the fix...
No, we had to wait over 300 Tuesdays for the fix to the kernal. That's 75 times better!
Re:0h n03z! (Score:3, Funny)
a redundant first post...?
Yes, there was a redundant x in "h4xx0r5".
Re:Nothing to see here.... (Score:3, Funny)
That's actually an inside joke. I did have a box that I had originally racked and set up on the rack KVM. Almost 2 years later, I was intending to walk up to the box and boot it in to single user mode to find out that someone had decided we never used the KVM port and had set it up for some other system. When I asked around, the best guess was that I had lost my spot on the KVM at least a year ago. I wondered aloud whether I needed to run a screensaver banner that claimed ownership of the KVM port to keep it.
And yes - the vast majority of interaction with that box was via SSH (although I had no reason to put it on a non-standard port).
Obligatory... (Score:5, Funny)
This won't be a problem for me since I don't run Linux.
Now the shoe's on the other foot!