http://www.computerworld.com/s/article/9223675/Linux_vendors_rush_to_patch_privilege_escalation_flaw_after_root_exploits_emerge By Lucian Constantin IDG News Service January 24, 2012 Linux vendors are rushing to patch a privilege escalation vulnerability in the Linux kernel that can be exploited by local attackers to gain root access on the system. The vulnerability, which is identified as CVE-2012-0056, was discovered by JA1/4ri Aedla and is caused by a failure of the Linux kernel to properly restrict access to the "/proc//mem" file. According to Carsten Eiram, the chief security specialist at vulnerability research firm Secunia, the flaw was introduced in the Linux kernel code in March 2011 and affects versions 2.6.39 and above. "Any Linux distributions providing these kernel versions should be vulnerable," Eiram said. Linus Torvalds submitted a patch on the official Linux kernel repository on Jan. 17, but before Linux vendors had a chance to apply it for their distributions, proof-of-concept exploit code already appeared online. [...] _____________________________________________________ Did a friend send you this article? Make it your New Year's Resolution to subscribe to InfoSec News! http://www.infosecnews.org/mailman/listinfo/isnReceived on Tue Jan 24 2012 - 23:54:20 PST
This archive was generated by hypermail 2.2.0 : Tue Jan 24 2012 - 23:56:13 PST