Vulnerability in Linux Surfaces

Aug 24

Last week, Security Researcher Rafal Wojtczuk, of Invisible Things Lab detailed a security exploit that had been present in all Linux distributions since 2003 in this {title} ({hits}) (pdf) report. This is a exploit that Linux distributors had already known about for months prior to this report and though the main-stream Linux Kernel has been updated to address this vulnerability, many distributions have yet to address it.

This exploit preys off the methods in which Linux manages memory, though the file-system and security descriptors are secure while being processed and while on the hard-drive, however once the vulnerability is passed to memory, the entire program or set of instructions completely allows manipulations from unauthorized sources; a flaw that has only recently surfaced.  This exploit, however is completely dependent on the system running the Xorg server, by allowing any user root privileges to run the server itself.

2 Comments

  1. Aug 20 2010 19 29 49 ………….However you overstate the situation when you say this cannot be exploited remotely or the that this could not be useful to a malware creator. Hackers without password access still have to hack into the box to create a three-way handshake connection and then gain access to a gui desktop in order to use this exploit.

    Reply

Leave a Reply

Secured for spam by MLW and Associates, LLP's Super CAPTCHASecured by Super-CAPTCHA Developed by Goldsboro Web Development..