Vulnerability in Linux Surfaces
Source: Goldsboro Networks
Last week, Security Researcher Rafal Wojtczuk, of Invisible Things Lab detailed a security exploit that had been present in all Linux distributions since 2003 in this Large Memory Attacks (pdf) report. This is a exploit that Linux distributors had already known about for months prior to this report and though the main-stream Linux Kernel has been updated to address this vulnerability, many distributions have yet to address it.
This exploit preys off the methods in which Linux manages memory, though the file-system and security descriptors are secure while being processed and while on the hard-drive, however once the vulnerability is passed to memory, the entire program or set of instructions completely allows manipulations from unauthorized sources; a flaw that has only recently surfaced. This exploit, however is completely dependent on the system running the Xorg server, by allowing any user root privileges to run the server itself.