Vulnerability in recent Linux kernels offers root rights

This is big news, user rights is essential for the security of a OS. Hope it get's fixed soon.

 

Hmmm not good.

 

"With an appropriately crafted message, a local user without administrative privileges can gain control of a system" --> not a biggie for home users.
Mrk

 

Hi

This kind of privilege escalation vulnerability has already found in the past, without massive in the wild exploitation against desktop users...
It seems that this one was known since 2012 (july), and a POC is available on Pastbin or Mega...for those who want more investigation.

Anyway the teams of majors distro are not sleeping
http://www.mail-archive.com/pld-cvs-commit@lists.pld-linux.org/msg304006.html

For Ubuntu http://www.ubuntu.com/usn/usn-1750-1/
http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-1763.html
For Fedora https://admin.fedoraproject.org/updates/kernel-3.7.9-104.fc17
https://admin.fedoraproject.org/updates/kernel-3.7.9-205.fc18

As discussed on some threads here, MAC or/and kernel hardening can help to mitigate privilege escalation based attacks and malwares: if it is difficult to eliminate any possibility of exploit, there is various ways to limit its impact like "once IN-already blocked"...

rgds

 

Ubuntu pushed kernel 3.5.0-25.39 into the security updates today so it should be waiting for everyone in the Software Updater.

 

the Android malware party can give you an idea of a mainstream linux

 

I thought the vast majority of Android malware spread by social engineering, not exploits?

Desktop Linux is probably worse off than Android though, if the Xorg stack is anything to judge.