That wasn't a kernel bug, and wasn't even a bug that affected upstream - you didn't even realize it was actually SSL, not SSH...
That bug was specific to distros based on Debian, because the maintainer of SSL decided to cut corners to make maintenance easier for himself.
Anyway, when Microsoft finally patches the UAC bug that allows escalated privileges - apparently by design - then Windows users can feel free to point at things like this in Linux.
Since Microsoft has stated the flaw is there on purpose, it'll never get patched... this flaw is already patched, it just needs to be applied to current installations.
Your FUD / lies about Windows aren't appreciated.
There are no known bugs that allow privilege escalation across security boundaries on Windows. A standard user account cannot attain admin privileges without admin credentials. And there are no known vectors for going from Low IL to Medium/High IL without user consent in the default configuration (there are medium -> high vectors on Win7, but they're by design - an option exists to disable them in the UAC control panel. But for most users that is a non-issue. Running High IL apps on the same desktop is risky to begin with since ILs are not a security boundary).






No, this is not the worst by far. It is a privilege escalation bug; that's pretty common and not that dangerous to the common Linux user. It only makes trojans more dangerous, but the viruses and trojans have to get in first. This mainly means local users can get more privileges, but local users are usually employees or device owners.
No, the most serious bug in Linux was the big one in ssh, which allowed remote access to most Linux servers (used in Matrix 2, btw).