DaemonForums  

24th January 2012
J65nko
Linux root exploit due to memory access - Update 2

From http://h-online.com/-1419834

Quote:
Linus Torvalds released a Linux kernel update last week which fixes a flaw in the access control to memory. Shortly afterwards, exploits appeared making it possible to gain root privileges using this error.

Since Linux kernel version 2.6.39 the dump of each process can be viewed in /proc/<pid>/mem and even written to. Before 2.6.39, an #ifdef in the code had prevented writing, but in 2.6.39, the checks had been deemed adequate, so the #ifdef was removed. Those checks, to ensure that only processes with the correct permission could write to the memory, instead proved inadequate and could be easily fooled.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
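
To check whether a running kernel exposes the /proc/<pid>/mem write path that the quoted article describes, a process can probe its own memory file. The C program below is an added example, not part of the original post or of the kernel source; the function and constant names are this example's own.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>

/* Probe results (names are this example's own, not kernel identifiers). */
enum { MEM_UNAVAILABLE = -1, MEM_WRITE_REFUSED = 0, MEM_WRITE_ENABLED = 1 };

/*
 * Try to change one byte of our own address space through /proc/self/mem.
 * A process is always entitled to access its own memory, so the outcome
 * shows whether the kernel has the write path enabled, not whether its
 * permission checks are sound. *seen receives the byte's final value.
 */
int probe_self_mem_write(unsigned char *seen)
{
    volatile unsigned char target = 0x00;   /* byte we try to overwrite */
    const unsigned char marker = 0x42;
    int result = MEM_WRITE_REFUSED;

    int fd = open("/proc/self/mem", O_RDWR);
    if (fd < 0) {
        *seen = target;
        /* ENOENT: procfs not mounted; any other error counts as refused. */
        return errno == ENOENT ? MEM_UNAVAILABLE : MEM_WRITE_REFUSED;
    }
    /* The file offset is the virtual address inside the process. */
    if (lseek(fd, (off_t)(uintptr_t)&target, SEEK_SET) != (off_t)-1 &&
        write(fd, &marker, 1) == 1 && target == marker)
        result = MEM_WRITE_ENABLED;
    close(fd);
    *seen = target;
    return result;
}

int main(void)
{
    unsigned char seen;
    int r = probe_self_mem_write(&seen);
    printf("/proc/self/mem write: %s (byte now 0x%02x)\n",
           r == MEM_WRITE_ENABLED ? "enabled" :
           r == MEM_WRITE_REFUSED ? "refused" : "procfs unavailable", seen);
    return 0;
}
```

A result of "enabled" only shows that the write interface is present, as the article says it is from 2.6.39 onward; whether the corrected permission checks are in place has to be confirmed from the kernel changelog or the distribution's advisory.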