Linux Kernel Security Problem

Post#1 by **Hamza** » 29 Jan 2012, 12:48

Hello,

A news which it is not good for the world of Linux Users...

CVE-2012-0056 Linux privilege escalation [Video Demonstration]

TheHackerNews wrote:The Linux kernel is prone to a local privilege-escalation vulnerability.Attackers can exploit this issue to gain escalated privileges and execute arbitrary code with kernel-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Linux kernel 2.6.39 and later versions are affected.

The mem_write function in Linux kernel 2.6.39 and other versions, when ASLR is disabled, does not properly check permissions when writing to /proc/<pid>/mem, which allows local users to gain privileges by modifying process memory, as demonstrated by Mempodipper

I hope this should be fixed soon and before Porteus 2.0

Post#2 by **fanthom** » 31 Jan 2012, 08:59

during the weekend i'll provide updated kernel for both archs.
thanks.

Post#3 by **Falcony** » 31 Jan 2012, 10:47

think it is not much concern us as first it is local user right escalation, and second Porteus isn't server disto

Post#4 by **Hamza** » 31 Jan 2012, 11:58

think it is not much concern us as first it is local user right escalation, and second Porteus isn't server distro

I already used Porteus Base OS to setup a server using lighttpd which it works very well with it

Porteus

Linux Kernel Security Problem

Linux Kernel Security Problem

Re: Linux Kernel Security Problem

Re: Linux Kernel Security Problem

Re: Linux Kernel Security Problem