Open Source Vendors Re-Patch Linux Core Flaws

Red Hat, Ubuntu and other Linux vendors have patched two flaws in the kernel that allowed users with low-level local access to gain control of a 64-bit Linux system.

The bugs were originally patched in 2007, with the release of kernel version 2.6.22.7, but sometime during the following months developers inadvertently removed the patch, according to Ben Hawkes, who discovered the flaws.

“I showed this to my friend Robert Swiecki who had written an exploit for the original bug in 2007, and he immediately said something along the lines of, ‘well this is interesting’. We pulled up his old exploit from 2007, and with a few minor modifications to the privilege escalation code, we had a root shell,” Hawkes wrote in an advisory last week.

64-bit systems affected

Kernel developers quickly developed a fix and Red Hat released its patches on Tuesday. Red Hat ranked both bugs as “important”. Red Hat’s advisories for the patches can be found here and here.

The flaws affect only 64-bit systems. Both flaws involve missing checks in the compat_alloc_user_space() function in the Linux kernel’s 32-bit compatibility layer for 64-bit systems.

“On 64-bit systems, a local, unprivileged user could use this flaw to escalate their privileges,” Red Hat said in its advisories.

Independent security vendor Secunia gave the flaws a “less critical” ranking because only local users with existing accounts could exploit the bugs.

Ubuntu, Debian and others have also issued patches.

Matthew Broersma
