Linux kernel exploit! Is the world ending?

GreyGeek

Ascendant

Join Date: Feb 2009

Posts: 18278

Send PM
#1

Linux kernel exploit! Is the world ending?

Jan 25, 2012, 06:33 PM

http://www.techworld.com.au/article/...xploits_emerge

Before some fanboi sticks this in your eye as "proof" that Linux is "just as vulnerable as {other OS here}" remind them of one thing: This is a LOCAL exploit, which means that in order to use it the bad guy has to have physical access to your machine. If they have that then you have other security problems beside this one.

"A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
– John F. Kennedy, February 26, 1962.
Tags: None

Top

Bottom
Detonate

**GHOST**

Join Date: Jan 2007

Posts: 2619

Send PM
#2

Jan 26, 2012, 08:28 AM

Reminds me of the first malware I got on a computer circa 1996. It came from an infected floppy disk. That was when I started my education on malware removal.
Top

Bottom
Comment
GreyGeek

Ascendant

Join Date: Feb 2009

Posts: 18278

Send PM
#3

Jan 26, 2012, 10:43 AM

Was that on Win3.1 ?

"A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
– John F. Kennedy, February 26, 1962.
Top

Bottom
Comment
OneLine

Master Skribe

Join Date: Nov 2011

Posts: 775

Send PM
#4

Jan 26, 2012, 10:56 AM

https://lists.ubuntu.com/mailman/lis...urity-announce
--> https://lists.ubuntu.com/archives/ub...ry/thread.html

Collective quote - 8.04 LTS, 10.04 LTS, 10.10, 11.04, 11.10

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 8.04 LTS, 10.04 LTS, 10.10, 11.04, 11.10

Summary:

Several security issues were fixed in the kernel.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

(to the latest kernel version)

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

Last edited by OneLine; Jan 26, 2012, 11:22 AM.

Have you tried ?

- How to Ask a Question on the Internet and Get It Answered
- How To Ask Questions The Smart Way
Top

Bottom
Comment
Detonate

**GHOST**

Join Date: Jan 2007

Posts: 2619

Send PM
#5

Jan 26, 2012, 11:01 AM

I can't remember if it was 3.1 or 95.
Top

Bottom
Comment
kyonides

Esteemed Member

Join Date: Jan 2009

Posts: 690

Send PM
#6

Jan 29, 2012, 01:55 AM

At least we just need to update our kernel to get rid of that local exploit. Otherwise I would get nuts if my box could also be vulnerable to freakish cybernetic attacks, too.

BTW, glad to be back.

Multibooting: Kubuntu Noble 24.04
Before: Jammy 22.04, Focal 20.04, Precise 12.04 Xenial 16.04 and Bionic 18.04
Win XP, 7 & 10 sadly
Using Linux since June, 2008
Top

Bottom
Comment
GreyGeek

Ascendant

Join Date: Feb 2009

Posts: 18278

Send PM
#7

Jan 29, 2012, 08:08 AM

Originally posted by kyonides View Post

At least we just need to update our kernel to get rid of that local exploit. Otherwise I would get nuts if my box could also be vulnerable to freakish cybernetic attacks, too.

BTW, glad to be back.

And those kernel updates (precomiled!) are installed automatically as they become available. Life is good!

Glad you are back!

"A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
– John F. Kennedy, February 26, 1962.
Top

Bottom
Comment
SteveRiley

Pan-Galactic Quordlepleen
So Long, and Thanks for All the Fish

Join Date: Jul 2011

Posts: 9625

Location: Seattle, WA, USA

Send PM
#8

Jan 31, 2012, 01:53 AM

During my time at Microsoft, there were times where people gloated over various statistics showing that, during some-month-or-other, there were more Linux security bugs than Windows. I remember thinking to myself, what a silly thing to count. Software is created by humans. Humans are imperfect. Therefore, software will be imperfect.

At the risk of repeating myself, I wrote about this notion recently on the blog at my employer. I've often used the diagram there in presentations; I think it provides the right perspective. There's more to good security than counting vulnerabilities.
Top

Bottom
Comment

Announcement

Linux kernel exploit! Is the world ending?

Linux kernel exploit! Is the world ending?

Comment

Comment

Comment

Comment

Comment

Comment

Comment