Kitz Forum

Computer Software => Security => Topic started by: sevenlayermuddle on October 22, 2016, 12:06:39 AM

Title: A Linux vulnerability
Post by: sevenlayermuddle on October 22, 2016, 12:06:39 AM

http://arstechnica.com/security/2016/10/most-serious-linux-privilege-escalation-bug-ever-is-under-active-exploit/

As with most Linux issues, by the time it's reported, it's already been patched. :)

But more worrying, and unusually, they are suggesting evidence that it had already been exploited in the wild.   :o
Title: Re: A Linux vulnerability
Post by: burakkucat on October 22, 2016, 12:26:10 AM
As you have now mentioned it, I am prepared to say that over the past two days (Thursday 20th and Friday 21st October) I have built five separate kernel package sets (which contain the patched code) for users of RHEL5, RHEL6 and RHEL7 (& thus the clones: Scientific Linux, CentOS).  :)

According to Linus Torvalds, the original flaw was patched eleven years ago but was then subsequently broken by further patches being applied to resolve problems in the architecture specific code for the s390.  ::)
Title: Re: A Linux vulnerability
Post by: sevenlayermuddle on October 22, 2016, 12:30:28 AM
To be clear, the suggestion is that the kernel has been vulnerable for the past nine years, regardless of what may have happened in the interval between nine and eleven years. :)