Hi Guys, Just wondering what everyone else is doing in regards to this ;) Anyone?
H On Fri, Aug 14, 2009 at 9:28 AM, Soh Kam Yung<[email protected]> wrote: > [http://www.theregister.co.uk/2009/08/14/critical_linux_bug/] > [http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0174.html] > [http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e694958388c50148389b0e9b9e9e8945cf0f1b98] > > Ouch! > > ===== > Bug exposes eight years of Linux kernel > By Dan Goodin in San Francisco > > Posted in Security, 14th August 2009 00:54 GMT > > Linux developers have issued a critical update for the open-source OS > after researchers uncovered a vulnerability in its kernel that puts > most versions built in the past eight years at risk of complete > takeover. > > The bug involves the way kernel-level routines such as sock_sendpage > react when they are left unimplemented. Instead of linking to a > corresponding placeholder, (for example, sock_no_accept), the function > pointer is left uninitialized. Sock_sendpage doesn't always validate > the pointer before dereferencing it, leaving the OS open to local > privilege escalation that can completely compromise the underlying > machine. > > [...] > ===== > > -- > Soh Kam Yung > my Google Reader Shared links: > (http://www.google.com/reader/shared/16851815156817689753) > my Google Reader Shared SFAS links: > (http://www.google.com/reader/shared/user/16851815156817689753/label/sfas) > > _______________________________________________ > Slugnet mailing list > [email protected] > http://wiki.lugs.org.sg/LugsMailingListFaq > http://www.lugs.org.sg/mailman/listinfo/slugnet > _______________________________________________ Slugnet mailing list [email protected] http://wiki.lugs.org.sg/LugsMailingListFaq http://www.lugs.org.sg/mailman/listinfo/slugnet
