Linked by Jordan Spencer Cunningham on Fri 14th Aug 2009 02:29 UTC
It's the end of the world. Again. According to some Linux developers and security researchers, a bug in the Linux kernel has just been uncovered that makes just about every distribution utilizing kernel 2.4 and 2.6 on just about all architectures since May of 2001 vulnerable to a certain kind of attack.
Thread beginning with comment 378706
To view parent comment, click here.
To read all comments associated with this story, please click here.
To view parent comment, click here.
To read all comments associated with this story, please click here.
Member since:2005-09-08
Member since:2008-05-31
Your FUD / lies about Windows aren't appreciated.
There are no known bugs that allow privilege escalation across security boundaries on Windows. A standard user account cannot attain admin privileges without admin credentials. And there are no known vectors for going from Low IL to Medium/High IL without user consent in the default configuration (there are medium -> high vectors on Win7, but they're by design - an option exists to disable them in the UAC control panel. But for most users that is a non-issue. Running High IL apps on the same desktop is risky to begin with since ILs are not a security boundary).
Recent Original Stories
Recent Comments
Headlines
Random Comments
Random Stories
Random OS Link
Member since:
2005-08-07
That wasn't a kernel bug, and wasn't even a bug that effected upstream - you didn't even realize it was actually SSL, not SSH...
That bug was specific to distros based on Debian, because the maintainer of SSL decided to cut corners to make maintenance easier for himself.
Anyway, when Microsoft finally patches the UAC bug that allows escalated privileges - apparently by design - then Windows users can feel free to point at things like this in Linux.
Since Microsoft has stated the flaw is there on purpose, it'll never get patched... this flaw is already patched, it just needs to be applied to current installations.