Information Security News mailing list archives
Linux vendors rush to patch privilege escalation flaw after root exploits emerge
From: InfoSec News <alerts () infosecnews org>
Date: Wed, 25 Jan 2012 01:54:20 -0600 (CST)
http://www.computerworld.com/s/article/9223675/Linux_vendors_rush_to_patch_privilege_escalation_flaw_after_root_exploits_emerge
By Lucian Constantin
IDG News Service
January 24, 2012
Linux vendors are rushing to patch a privilege escalation vulnerability in the Linux kernel that can be exploited by local attackers to gain root access on the system.
The vulnerability, which is identified as CVE-2012-0056, was discovered by Jüri Aedla and is caused by a failure of the Linux kernel to properly restrict access to the "/proc/<pid>/mem" file.
According to Carsten Eiram, the chief security specialist at vulnerability research firm Secunia, the flaw was introduced in the Linux kernel code in March 2011 and affects versions 2.6.39 and above. "Any Linux distributions providing these kernel versions should be vulnerable," Eiram said.
Linus Torvalds submitted a patch on the official Linux kernel repository on Jan. 17, but before Linux vendors had a chance to apply it for their distributions, proof-of-concept exploit code already appeared online.
[...]