Hi,
You may have seen this story which broke yesterday (I think) -
http://www.computerworld.com/article/2861392/security0/the-grinch-isnt-a-linux-vulnerability-red-hat-says.html[1]
. This particular article is making the case
that the problem isn't a vulnerability at all, but plenty of other sites are
claiming
that the sky is falling.
When I first saw it, my first reaction was 'surely you would need physical
access to
use this', a point which is echoed in the linked piece. I can see that
physical access
can include remote logins, but even then, if I've understood the the
technicalities,
wouldn't the attacker already have to have an account on the machine to
escalate
its privileges?
Anyone got a simple analysis of how this works and what the threat is?
--
Terry Coles
--------
[1]
http://www.computerworld.com/article/2861392/security0/the-grinch-isnt-a-linux-vulnerability-red-hat-says.html
--
Next meeting: Bournemouth, Tuesday, 2015-01-06 20:00
Meets, Mailing list, IRC, LinkedIn, ... http://dorset.lug.org.uk/
New thread on mailing list: mailto:[email protected]
How to Report Bugs Effectively: http://goo.gl/4Xue
