Bug exposes eight years of Linux kernel
Linux developers have issued a critical update for the open-source OS after researchers uncovered a vulnerability in its kernel that puts most versions built in the past eight years at risk of complete takeover.
The bug involves the way kernel-level routines such as sock_sendpage react when they are left unimplemented. Instead of linking to a corresponding placeholder (for example, sock_no_accept), the function pointer is left uninitialized. Sock_sendpage doesn't always validate the pointer before dereferencing it, leaving the OS open to local privilege escalation that can completely compromise the underlying machine.
Full Story: here
I'm sure there's a dig to be had here somewhere...
Discussion in 'News' started by Fergal1982, Aug 14, 2009.
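The two safeguards the quoted article says were missing (a placeholder in every unimplemented slot, and a pointer check before the indirect call), shown as an added userspace example that is not from the article, the post, or the kernel source. `struct demo_ops` and every `demo_*` name are hypothetical.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical userspace stand-in for a per-protocol operations table (not kernel code). */
struct demo_ops {
    const char *family;
    int  (*accept)(int fd);
    long (*sendpage)(const void *page, size_t len);
};

/* Placeholders: an unimplemented operation fails cleanly instead of being NULL. */
static int  demo_no_accept(int fd) { (void)fd; return -EOPNOTSUPP; }
static long demo_no_sendpage(const void *p, size_t n) { (void)p; (void)n; return -EOPNOTSUPP; }
static long demo_stream_sendpage(const void *p, size_t n) { (void)p; return (long)n; }

/* Audit: count the slots a table leaves unset. */
static int demo_unset_slots(const struct demo_ops *ops)
{
    return (ops->accept == NULL) + (ops->sendpage == NULL);
}

/* Registration-time hardening: fill each unset slot with its placeholder. */
static int demo_register(struct demo_ops *ops)
{
    int fixed = demo_unset_slots(ops);
    if (!ops->accept)   ops->accept = demo_no_accept;
    if (!ops->sendpage) ops->sendpage = demo_no_sendpage;
    return fixed;
}

/* Call-site hardening: validate the pointer before the indirect call. */
static long demo_sendpage(const struct demo_ops *ops, const void *page, size_t len)
{
    if (!ops || !ops->sendpage)
        return -EOPNOTSUPP;
    return ops->sendpage(page, len);
}

int main(void)
{
    /* Constructed sample tables: one implements nothing, one implements sendpage. */
    struct demo_ops dgram  = { "demo-dgram", NULL, NULL };
    struct demo_ops stream = { "demo-stream", demo_no_accept, demo_stream_sendpage };
    char page[16] = {0};
    printf("unset=%d guarded=%ld\n", demo_unset_slots(&dgram), demo_sendpage(&dgram, page, sizeof page));
    printf("filled=%d stream=%ld\n", demo_register(&dgram), demo_sendpage(&stream, page, sizeof page));
    return 0;
}
```

Either safeguard alone turns the unset slot into a clean error return; applying both means a table that skips registration still cannot reach an indirect call through a null pointer.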