Linux vendors rush to patch privilege escalation flaw after root exploits emerge

[InfoSec News <alerts () infosecnews org>]

http://www.computerworld.com/s/article/9223675/Linux_vendors_rush_to_patch_privilege_escalation_flaw_after_root_exploits_emerge

By Lucian Constantin
IDG News Service
January 24, 2012

Linux vendors are rushing to patch a privilege escalation vulnerability 
in the Linux kernel that can be exploited by local attackers to gain 
root access on the system.

The vulnerability, which is identified as CVE-2012-0056, was discovered 
by JA1/4ri Aedla and is caused by a failure of the Linux kernel to 
properly restrict access to the "/proc//mem" file.

According to Carsten Eiram, the chief security specialist at 
vulnerability research firm Secunia, the flaw was introduced in the 
Linux kernel code in March 2011 and affects versions 2.6.39 and above. 
"Any Linux distributions providing these kernel versions should be 
vulnerable," Eiram said.

Linus Torvalds submitted a patch on the official Linux kernel repository 
on Jan. 17, but before Linux vendors had a chance to apply it for their 
distributions, proof-of-concept exploit code already appeared online.

[...]


_____________________________________________________
Did a friend send you this article? Make it your
New Year's Resolution to subscribe to InfoSec News!
http://www.infosecnews.org/mailman/listinfo/isn