Bug exposes eight years of Linux kernel

Discussion in 'News' started by Fergal1982, Aug 14, 2009.

  1. Fergal1982

    Fergal1982 Petabyte Poster

    4,196
    172
    211
    Aug 14, 2009 #1

    Bug exposes eight years of Linux kernel



    Linux developers have issued a critical update for the open-source OS after researchers uncovered a vulnerability in its kernel that puts most versions built in the past eight years at risk of complete takeover.

    The bug involves the way kernel-level routines such as sock_sendpage react when they are left unimplemented. Instead of linking to a corresponding placeholder, (for example, sock_no_accept), the function pointer is left uninitialized. Sock_sendpage doesn't always validate the pointer before dereferencing it, leaving the OS open to local privilege escalation that can completely compromise the underlying machine.

    Full Story: here
    I'm sure theres a dig to be had here somewhere...
     
    Certifications: ITIL Foundation; MCTS: Visual Studio Team Foundation Server 2010, Administration
    WIP: None at present
porta2_tags:

Comments

    1. JK2447
      JK2447
      Good to know thanks
      Aug 14, 2009
      #2
    2. Obinna Osobalu
      Obinna Osobalu
      With all the vociferousness about how secure Open-source is. As the popular saying goes, "Too many cooks spoil the broth". Actually, I don't seem surprised. :D
      Aug 14, 2009
      #3
    3. ThomasMc
      ThomasMc
      This has been fixed already "yum update" :)
      Aug 14, 2009
      #4

    Share This Page

Remove Advertisement - Premium Membership
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...