Vulnerability in recent Linux kernels offers root rights

Discussion in 'all things UNIX' started by ronjor, Feb 25, 2013.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,778
    Location:
    Texas
    http://www.h-online.com/security/ne...Linux-kernels-offers-root-rights-1810597.html
     
  2. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    This is big news, user rights are essential for the security of an OS. Hope it gets fixed soon.
     
  3. ComputerSaysNo

    ComputerSaysNo Registered Member

    Joined:
    Aug 9, 2012
    Posts:
    1,425
    Hmmm not good.
     
  4. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    "With an appropriately crafted message, a local user without administrative privileges can gain control of a system" --> not a biggie for home users.
    Mrk
     
  5. kareldjag

    kareldjag Registered Member

    Joined:
    Nov 13, 2004
    Posts:
    622
    Location:
    PARIS AND ITS SUBURBS
    Hi

    This kind of privilege escalation vulnerability has already been found in the past, without massive in-the-wild exploitation against desktop users...
    It seems that this one was known since 2012 (July), and a PoC is available on Pastebin or Mega...for those who want more investigation.

    Anyway, the teams of the major distros are not sleeping
    http://www.mail-archive.com/pld-cvs-commit@lists.pld-linux.org/msg304006.html

    For Ubuntu http://www.ubuntu.com/usn/usn-1750-1/
    http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-1763.html
    For Fedora https://admin.fedoraproject.org/updates/kernel-3.7.9-104.fc17
    https://admin.fedoraproject.org/updates/kernel-3.7.9-205.fc18

    As discussed on some threads here, MAC and/or kernel hardening can help to mitigate privilege escalation based attacks and malware: if it is difficult to eliminate any possibility of exploit, there are various ways to limit its impact like "once IN-already blocked"...

    rgds
     
  6. shuverisan

    shuverisan Registered Member

    Joined:
    Dec 23, 2011
    Posts:
    185
    Ubuntu pushed kernel 3.5.0-25.39 into the security updates today so it should be waiting for everyone in the Software Updater.
     
  7. Syobon

    Syobon Registered Member

    Joined:
    Dec 27, 2009
    Posts:
    469
    The Android malware party can give you an idea of a mainstream Linux.
     
  8. I thought the vast majority of Android malware spread by social engineering, not exploits?

    Desktop Linux is probably worse off than Android though, if the Xorg stack is anything to judge.
     