Forum Home
Press F1
Thread ID: 41333	2004-01-07 10:04:00	Serious Security Flaw in Linux Kernel	bishfish (2819)	Press F1

Post ID	Timestamp	Content	User
205885	2004-01-07 10:04:00	Just off LockerGnome: Serious security flaw fixed in Linux kernel "A new version of the 2 . 4 Linux kernel was released overnight that addresses a serious security hole that could enable any user to escalate his privileges on a machine and run code . The flaw lies in the memory management code in the mremap system call in versions up to and including 2 . 4 . 23 . Mremap resizes and moves processes into virtual memory areas (VMAs) . An incorrect bounds check could lead to a malicious VMA that could disrupt other areas of the kernel's memory management subroutines, according to an alert released by Polish research firm iSEC Security Research Inc . Researcher Paul Starzetz, who discovered the flaw, said his team concentrated on the 2 . 4 kernel, but he said it is possible the recently released 2 . 6 kernel is affected as well . 'Since the 2 . 6 branch is much more complex than, let's say 2 . 4, it is imaginable that there are more exploitation paths in 2 . 6 than in 2 . 4,' Starzetz said in an e-mail exchange . 'We didn't study every detail about 2 . 2, 2 . 4 and 2 . 6 and concentrated onto [sic] 2 . 4 . ' " I was under the impression there were no security issues with Linux???	bishfish (2819)
205886	2004-01-07 10:30:00	I think the above post is the same as this one: pressf1.pcworld.co.nz	stu140103 (137)
205887	2004-01-07 10:32:00	> I was under the impression there were no security > issues with Linux??? That is OS for you, NO OS is perfect Not even Linux :D	stu140103 (137)
205888	2004-01-07 12:08:00	BSD is even better at security than Linux... That's old news by now though, happened late Nov/early Dec IIRC, to the Gentoo and Debian Mirror. Im sure you need a username/password on the PC first though dont you to get the access....?	Chilling_Silently (228)
1