Linux Kernel Security Problem

New features which should be implemented in Porteus; suggestions are welcome. All questions or problems with testing releases (alpha, beta, or rc) should go in their relevant thread here, rather than the Bug Reports section.
User avatar
Hamza
Warlord
Warlord
Posts: 1908
Joined: 28 Dec 2010, 07:41
Distribution: Porteus
Location: France

Linux Kernel Security Problem

Post#1 by Hamza » 29 Jan 2012, 12:48

Hello,

A news which it is not good for the world of Linux Users...

CVE-2012-0056 Linux privilege escalation [Video Demonstration]
TheHackerNews wrote:The Linux kernel is prone to a local privilege-escalation vulnerability.Attackers can exploit this issue to gain escalated privileges and execute arbitrary code with kernel-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Linux kernel 2.6.39 and later versions are affected.

The mem_write function in Linux kernel 2.6.39 and other versions, when ASLR is disabled, does not properly check permissions when writing to /proc/<pid>/mem, which allows local users to gain privileges by modifying process memory, as demonstrated by Mempodipper
I hope this should be fixed soon and before Porteus 2.0 ;)
NjVFQzY2Rg==

User avatar
fanthom
Moderator Team
Moderator Team
Posts: 5666
Joined: 28 Dec 2010, 02:42
Distribution: Porteus Kiosk
Location: Poland
Contact:

Re: Linux Kernel Security Problem

Post#2 by fanthom » 31 Jan 2012, 08:59

during the weekend i'll provide updated kernel for both archs.
thanks.
Please add [Solved] to your thread title if the solution was found.

Falcony
Full of knowledge
Full of knowledge
Posts: 237
Joined: 01 Jan 2011, 12:44
Location: Russia

Re: Linux Kernel Security Problem

Post#3 by Falcony » 31 Jan 2012, 10:47

think it is not much concern us as first it is local user right escalation, and second Porteus isn't server disto

User avatar
Hamza
Warlord
Warlord
Posts: 1908
Joined: 28 Dec 2010, 07:41
Distribution: Porteus
Location: France

Re: Linux Kernel Security Problem

Post#4 by Hamza » 31 Jan 2012, 11:58

think it is not much concern us as first it is local user right escalation, and second Porteus isn't server distro
I already used Porteus Base OS to setup a server using lighttpd which it works very well with it :)
NjVFQzY2Rg==

Post Reply