El día 4 de noviembre de 2009 22:37, "Sebastián D. Criado" <[email protected]> escribió: > Existe un error de null pointer dereference la cual permitiría ganar > privilegios de root. El error sería resuelto por la versión 2.6.32. > > -- > Red Midnight and other readers brought to our attention a bug in most > deployed versions of Linux that could result in untrusted users getting root > access. The bug was found by Brad Spengler last month. "The null pointer > dereference flaw was only fixed in the upcoming 2.6.32 release candidate of > the Linux kernel, making virtually all production versions in use at the > moment vulnerable. While attacks can be prevented by implementing a common > feature known as mmap_min_addr, the RHEL distribution... doesn't properly > implement that protection... The... bug is mitigated by default on most > Linux distributions, thanks to their correct implementation of the > mmap_min_addr feature. ... [Spengler] said many other Linux users are also > vulnerable because they run older versions or are forced to turn off > [mmap_min_addr] to run certain types of applications." The register reprints > a dialog from the OpenBSD-misc mailing list in which Theo De Raadt says, > "For the record, this particular problem was resolved in OpenBSD a while > back, in 2008. We are not super proud of the solution, but it is what seems > best faced with a stupid Intel architectural choice. However, it seems that > everyone else is slowly coming around to the same solution." > ---- > Lo leì ayer u hoy, no recuerdo bièn , pero no entendì algo. Por lo que dicen, hay que activar la funciòn mmap_min_addr que segùn parece se utiliza para wine. Que se puede hacer para protegerse?
Omar _______________________________________________ Lugro mailing list [email protected] http://lugro.org.ar/mailman/listinfo/lugro
