[ISN] Linux vendors rush to patch privilege escalation flaw after root exploits emerge

From: InfoSec News <alerts_at_private>
Date: Wed, 25 Jan 2012 01:54:20 -0600 (CST)
http://www.computerworld.com/s/article/9223675/Linux_vendors_rush_to_patch_privilege_escalation_flaw_after_root_exploits_emerge

By Lucian Constantin
IDG News Service
January 24, 2012

Linux vendors are rushing to patch a privilege escalation vulnerability 
in the Linux kernel that can be exploited by local attackers to gain 
root access on the system.

The vulnerability, which is identified as CVE-2012-0056, was discovered 
by Jüri Aedla and is caused by a failure of the Linux kernel to 
properly restrict access to the "/proc/<pid>/mem" file.

According to Carsten Eiram, the chief security specialist at 
vulnerability research firm Secunia, the flaw was introduced in the 
Linux kernel code in March 2011 and affects versions 2.6.39 and above. 
"Any Linux distributions providing these kernel versions should be 
vulnerable," Eiram said.

Linus Torvalds submitted a patch to the official Linux kernel repository 
on Jan. 17, but before Linux vendors had a chance to apply it to their 
distributions, proof-of-concept exploit code had already appeared online.

[...]


Received on Tue Jan 24 2012 - 23:54:20 PST
