Advertisement
 
To print: Select File and then Print from your browser's menu

--------------------------------------------------------------
This story was printed from ZDNet Australia.
--------------------------------------------------------------
Linux kernel flaw gifts local users root privilege

By Stefan Beiersmann, ZDNet Germany
February 12, 2008
URL: http://www.zdnet.com.au/news/software/soa/Linux-kernel-flaw-gifts-local-users-root-privilege/0,130061733,339285840,00.htm


An error in the workings of Linux kernel versions 2.6.17 to 2.6.24.1 can give local users access to root privileges.

Although example code and root exploits exist for the vulnerability security firm Secunia has rated the problem as "less critical".

The vulnerability is caused by a missing verification of parameters within the Linux kernel's "vmsplice" function, which appears in versions 2.6.17 to 2.6.24.1.

A fix for the vulnerability was quickly released for the latter version of the kernel, but first tests showed that the patch did not solve the problem completely.

Version 2.6.24.2 has since been released as a solution to the problem, while Secunia suggests updating to version 2.6.24.2 or to 2.6.23.16 to remedy the error.

Developers have also finished the development phase of the next kernel version, 2.6.25, and have put out an initial Release Candidate. The finished version of the new kernel is expected to be released in April.

Suzanne Tindal of ZDNet.com.au contributed to this report.

Copyright © 2009 CBS Interactive, a CBS Company. All Rights Reserved.
ZDNET is a registered service mark of CBS Interactive. ZDNET Logo is a service mark of CBS Interactive.