Page 1 of 1

Linux Kernel Security Problem

Posted: 29 Jan 2012, 12:48
by Hamza
Hello,

A news which it is not good for the world of Linux Users...

CVE-2012-0056 Linux privilege escalation [Video Demonstration]
TheHackerNews wrote:The Linux kernel is prone to a local privilege-escalation vulnerability.Attackers can exploit this issue to gain escalated privileges and execute arbitrary code with kernel-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Linux kernel 2.6.39 and later versions are affected.

The mem_write function in Linux kernel 2.6.39 and other versions, when ASLR is disabled, does not properly check permissions when writing to /proc/<pid>/mem, which allows local users to gain privileges by modifying process memory, as demonstrated by Mempodipper
I hope this should be fixed soon and before Porteus 2.0 ;)

Re: Linux Kernel Security Problem

Posted: 31 Jan 2012, 08:59
by fanthom
during the weekend i'll provide updated kernel for both archs.
thanks.

Re: Linux Kernel Security Problem

Posted: 31 Jan 2012, 10:47
by Falcony
think it is not much concern us as first it is local user right escalation, and second Porteus isn't server disto

Re: Linux Kernel Security Problem

Posted: 31 Jan 2012, 11:58
by Hamza
think it is not much concern us as first it is local user right escalation, and second Porteus isn't server distro
I already used Porteus Base OS to setup a server using lighttpd which it works very well with it :)