Samker's Computer Forum - SCforum.info
Software & Hardware Mix: => Linux / Unix / Android => Topic started by: Samker on 22. October 2010., 07:09:05
-
(http://1.bp.blogspot.com/_8bKHsrsdeQk/S-olVIrUhrI/AAAAAAAAAQI/ZHeRrn9ev-8/s1600/linux.jpg)
Security researchers have disclosed a vulnerability in the Linux operating system that allows unprivileged users to gain “superuser” rights on target systems.
The bug in the Linux implementation of RDS, or reliable datagram sockets, protocol can be exploited by local users by sending specially manipulated packets that write certain values into kernel memory, according to VSR Security, the firm that disclosed the vulnerability: http://www.vsecurity.com/resources/advisory/20101019-1/ (http://www.vsecurity.com/resources/advisory/20101019-1/)
The issue was introduced into the Linux kernel in version 2.6.30, when RDS was first added.
A fix for the bug was committed last week by Linux Torvalds: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=799c10559d60f159ab2232203f222f18fa3c4a5f (http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=799c10559d60f159ab2232203f222f18fa3c4a5f)
A second Linux security bug resided in the GNU C library, but it is “a low impact vulnerability that is only of interest to security professionals and system administrators,” according to Tavis Ormandy, who discovered it: http://seclists.org/fulldisclosure/2010/Oct/257 (http://seclists.org/fulldisclosure/2010/Oct/257)
(ElReg)
-
Ok, but why is my avatar up there ? ;D
Thanks for the news Samker.
-
Ok, but why is my avatar up there ? ;D
>:D
by the way, 1 more and you'll have 100 posts at SCF :bih: with them you'll have SCF Advanced Member status: http://scforum.info/index.php/topic,3740.0.html (http://scforum.info/index.php/topic,3740.0.html)
-
Thanks for sharing samker !!